Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update packages, including resolving nested requirements to non-vulnerable versions #512

Closed
wants to merge 1 commit into from
Closed

chore: update packages, including resolving nested requirements to non-vulnerable versions #512

wants to merge 1 commit into from

Conversation

katelynsills
Copy link
Contributor

Update packages, including resolving nested requirements to non-vulnerable versions

Related to Agoric/agoric-sdk#3007

@katelynsills katelynsills requested a review from dckc June 1, 2021 22:28
@katelynsills katelynsills self-assigned this Jun 1, 2021
dckc
dckc approved these changes Jun 1, 2021
View reviewed changes
Copy link
Member

@dckc dckc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing this promptly. The resolutions item in package.json looks particularly handy!

package.json
@@ -127,5 +127,9 @@
"prettier": {
"trailingComma": "all",
"singleQuote": true
},
"resolutions": {
"postcss": "8.3.0",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nifty!

TIL: Selective dependency resolutions | Yarn
cc @kriskowal @warner @michaelfig

yarn.lock
resolved "https://registry.yarnpkg.com/is-string/-/is-string-1.0.5.tgz#40493ed198ef3ff477b8c7f92f644ec82a5cd3a6"
integrity sha512-buY6VNRjhQMiF1qWDouloZlQbRhDPCebwxSjxMjxgemYT46YMd2NR0/H+fBhEfWX4A/w9TBJ+ol+okqJKFE6vQ==

is-svg@^3.0.0:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like is-svg goes away completely. cool.

@katelynsills
Copy link
Contributor Author

Looks like the build is having trouble, so my pushing the envelope on what Vuepress will use may have been too far. Vuepress has not released a new version that updates the dependencies though. This needs more effort.

@katelynsills
Copy link
Contributor Author

Ah, Vuepress v1 is no longer supported because they are working on v2: vuejs/vuepress#2744

@katelynsills katelynsills mentioned this pull request Jun 3, 2021
Closed
@katelynsills
Copy link
Contributor Author

Closing as the resolutions forcing Vuepress to use updated dependencies break Vuepress V1. See #513 for the issue to migrate to V2

@katelynsills katelynsills deleted the update-packages branch June 4, 2021 20:50
@dckc dckc added the wontfix label Jun 4, 2021
@katelynsills katelynsills mentioned this pull request Jun 5, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dckc dckc dckc approved these changes

Assignees

@katelynsills katelynsills

Labels
wontfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@katelynsills @dckc