Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates dependencies and ups version to 0.0.10 #85

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Updates dependencies and ups version to 0.0.10 #85

wants to merge 7 commits into from

Conversation

nigelmegitt
Copy link
Collaborator

Tracking pull request, addresses vulnerabilities

@nigelmegitt
Update dependencies
62fd77f 
* `babel-plugin-istanbul` `6.0.0 -> 6.1.1`
* `webpack-cli` `4.9.0 -> 4.9.1`
danielthepope
danielthepope reviewed Oct 19, 2021
View reviewed changes
Copy link
Member

@danielthepope danielthepope left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I followed the Setup instructions in the README.

When I run npm install, I get the message

npm WARN read-shrinkwrap This version of npm is compatible with lockfileVersion@1, but package-lock.json was generated for lockfileVersion@2. I'll try to do my best with it!

After it has installed, the lockfileVersion gets set to 1, so perhaps something isn't documented correctly?

npm --version gives me 6.14.11, which is the one installed when I ran nvm install 14.16.0. Perhaps you also need to add how to update NPM? I think it's npm install -g npm

@nigelmegitt
Copy link
Collaborator Author

Thanks @danielthepope I think I've built it with a more recent version of npm (7.24.2) so that might explain the unnecessary discrepancy. I either update the README minimum node version, or install the older version and use that to rebuild it, I suppose!

@danielthepope
Copy link
Member

I would suggest using whatever is being offered in the latest LTS release, but I'm not up to date with "how things are developed in Node", so I think you should ask someone who is more in the know. e.g. are there security implications with using the older version of NPM?

@nigelmegitt
Track dependency updates
fc97f51 
* `babel-loader` `8.2.2 -> 8.2.3`
* `webpack` `5.58.2 -> 5.59.1`
@nigelmegitt
Update node version to 14.8.1
202f2e0 
Most recent LTS version of node. Hopefully addresses @danielthepope 's review comment.
@nigelmegitt
Update to npm 8.1.1
9a2028a
@nigelmegitt
Copy link
Collaborator Author

I've switched to the latest LTS version of nvm, which is currently 14.8.1, and the latest version of npm, which is 8.1.1 and updated the README to reflect those, so hopefully that will address your comments @danielthepope

The suggestion in the README is now to use nvm install-latest-npm as a setup step, which is probably the easiest way to upgrade npm.

@danielthepope
Copy link
Member

OK, that's much better. The only thing I would point out now is the version mismatch between package.json and package-lock.json. When I ran npm install it updated the version in package-lock.json - and I think that new version should be part of this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danielthepope danielthepope danielthepope left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nigelmegitt @danielthepope