Removed event-stream dependency #164
Conversation
|
#165 |
package.json
Outdated
| @@ -29,7 +29,7 @@ | |||
| "homepage": "https://github.com/JacksonGariety/gulp-nodemon", | |||
| "dependencies": { | |||
| "colors": "^1.2.1", | |||
| "event-stream": "^3.3.4", | |||
| "event-stream": "3.3.4", | |||
There was a problem hiding this comment.
maybe add the = operator to be more explicit
|
Or update to [email protected] (a la #165 ), which is also clean of the bogus flatmap-stream dep. |
yep, that sounds better |
|
I have updated the PR. Ever since @joebowbeer commented: 'burn-me-once principle: move off of event-stream', I checked if it was used anywhere and ran the test, but couldn't find any problems after removing it entirely. Could people verify? Then I think this is the best fix (reference)? Don't require it if you don't need it. |
|
This looks great now, @aal89 👍 Indeed looks like |
|
@JacksonGariety hope you're not very busy — would be fantastic to get this change in and new version bumped in NPM. Thanks for all your work! ❤️ |
|
I was curious why |
|
@rkmarks I looked through the history and it seems that it once had a purpose, however somewhere down the road it had been removed, just never as a dependency.
|
|
that's all @aal89, thanks for your help. @JacksonGariety woulb be great if we can get these changes in a new version |
What does this PR do?
LocksRemoves the event-stream dependency and updates nodemon dependency to1.18.7to mitigate a possible attack. Also included thepackage-lock.jsonfile to have reproducible builds. This most probably helps to stay safer.Background
dominictarr/event-stream#116
Resolves
#163