Updates dependencies and ups version to 0.0.10 #85

Open
wants to merge 7 commits into
base: main

nigelmegitt
Collaborator

Tracking pull request, addresses vulnerabilities

* `babel-plugin-istanbul` `6.0.0 -> 6.1.1`
* `webpack-cli` `4.9.0 -> 4.9.1`
Member

@danielthepope danielthepope left a comment


I followed the Setup instructions in the README.

When I run `npm install`, I get the message

`npm WARN read-shrinkwrap This version of npm is compatible with lockfileVersion@1, but package-lock.json was generated for lockfileVersion@2. I'll try to do my best with it!`

After it has installed, the `lockfileVersion` gets set to 1, so perhaps something isn't documented correctly?

`npm --version` gives me 6.14.11, which is the one installed when I ran `nvm install 14.16.0`. Perhaps you also need to add how to update NPM? I think it's `npm install -g npm`

@nigelmegitt
Collaborator Author

Thanks @danielthepope I think I've built it with a more recent version of npm (7.24.2) so that might explain the unnecessary discrepancy. I either update the README minimum node version, or install the older version and use that to rebuild it, I suppose!

@danielthepope
Member

I would suggest using whatever is being offered in the latest LTS release, but I'm not up to date with "how things are developed in Node", so I think you should ask someone who is more in the know. e.g. are there security implications with using the older version of NPM?

* `babel-loader` `8.2.2 -> 8.2.3`
* `webpack` `5.58.2 -> 5.59.1`

Most recent LTS version of node. Hopefully addresses @danielthepope's review comment.

@nigelmegitt
Collaborator Author

I've switched to the latest LTS version of nvm, which is currently 14.8.1, and the latest version of npm, which is 8.1.1, and updated the README to reflect those, so hopefully that will address your comments @danielthepope

The suggestion in the README is now to use `nvm install-latest-npm` as a setup step, which is probably the easiest way to upgrade npm.

@danielthepope
Member

OK, that's much better. The only thing I would point out now is the version mismatch between `package.json` and `package-lock.json`. When I ran `npm install` it updated the version in `package-lock.json` - and I think that new version should be part of this PR.
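
The two discrepancies raised in this thread (a lockfile written by a newer npm than the one installing it, and a `package-lock.json` version that lags `package.json`) can be checked before committing. The following is an added example, not code from this repository or its contributors; `checkLockfile` and the sample objects are hypothetical, and the `0.0.9` lockfile version is constructed.

```javascript
// Added example; checkLockfile and all sample data are hypothetical/constructed.
// Returns a list of findings; an empty list means the two files agree.
function checkLockfile(pkg, lock, npmVersion) {
  const findings = [];

  // The lockfile's top-level "version" mirrors the one in package.json.
  if (lock.version !== pkg.version) {
    findings.push(
      `version: package.json=${pkg.version} package-lock.json=${lock.version}`);
  }

  // lockfileVersion 2 also records the root project under packages[""].
  const root = lock.packages && lock.packages[""];
  if (root && root.version !== pkg.version) {
    findings.push(
      `packages[""].version: expected ${pkg.version}, found ${root.version}`);
  }

  // As seen in this thread, npm 6 warns on a lockfileVersion 2 file and
  // rewrites it as lockfileVersion 1 on install.
  const npmMajor = parseInt(String(npmVersion).split(".")[0], 10);
  if (Number.isNaN(npmMajor)) {
    findings.push(`npm version not parseable: ${npmVersion}`);
  } else if (npmMajor < 7 && lock.lockfileVersion >= 2) {
    findings.push(
      `npm ${npmVersion} will rewrite lockfileVersion ${lock.lockfileVersion} as 1`);
  }
  return findings;
}

// Constructed sample: package.json bumped to 0.0.10, lockfile left behind.
const samplePkg = { name: "example", version: "0.0.10" };
const staleLock = {
  name: "example", version: "0.0.9", lockfileVersion: 2,
  packages: { "": { name: "example", version: "0.0.9" } },
};
const freshLock = {
  name: "example", version: "0.0.10", lockfileVersion: 2,
  packages: { "": { name: "example", version: "0.0.10" } },
};

console.log(checkLockfile(samplePkg, staleLock, "6.14.11")); // three findings
console.log(checkLockfile(samplePkg, freshLock, "8.1.1"));   // []
```

In a real checkout, pass the parsed contents of both files and the output of `npm --version`.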
