-
Notifications
You must be signed in to change notification settings - Fork 224
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): pin lru-cache ver, *downgrade* rimraf and glob to ensure compat with node 14.17; block updates to newer majors #4139
Conversation
…or; block updates to newer majors isaacs aggressively dropped support for Node.js versions in the latest majors of these packages. Let's stop dependabot creating PRs for them again.
More complexity to support Node.js 14.17. globThe penultimate glob@10 release supported these Node.js versions:
but then "engines" was dropped entirely in latest "10" in maintainer frustration. We need Node.js 14.17 support currently and glob@10 latest doesn't work with that (uses
I'm choosing option 2: rimrafLikewise we may need rimraf@4, because latest rimraf@5 is min Node.js 14.20 and uses glob@10. lru-cachelru-cache is slightly more painful
Practically I think lru-cache@10 will no longer change and I think it will work with 14.17 (our current min-node). Solution: Update to [email protected] and lock to that version. This satisfies the current glob@9 deps, has the [email protected] fix we want and is before [email protected] started dropping versions. |
Annnnnd further back we go. The issue now is that glob@9 depends on path-scurry@1. Later versions of path-scurry@1 bumped the min-supported Node.js version to 14.18:
for the legitimate reason that using It would have been nice if this had been done in a new major version, but (a) that ship has sailed and (b) I can see why bumping from "14" to "14.18" as a min-supported node feels like something one could get away with in a minor. options
I think options 2 and 3 are reasonable to do, in general. However, I'd rather not for this PR that was just about bumping some deps. Also, doing this just for devDeps feels a bit like the tail wagging the dog, so let's not bump our min-node for now. That means option 1. Let's see if that works. It will mean this warning on npm install:
|
… compat with node 14.17; block updates to newer majors (#4139)
… compat with node 14.17; block updates to newer majors (elastic#4139)
isaacs aggressively dropped support for Node.js versions in the latest majors
of these packages. Let's stop dependabot creating PRs for them again.