Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make @babel, browserslist versions ^ #10697

Closed
wants to merge 1 commit into from
Closed

make @babel, browserslist versions ^ #10697

wants to merge 1 commit into from

Conversation

dulmandakh
Copy link

Babel, and browserlist are well maintained open source project, thus propose to make versions less explicit or use ^ so that developers have less duplication.

@gregmarr gregmarr mentioned this pull request May 17, 2021
Open
@gregmarr
Copy link

@iansu @mrmckeb @ianschmitz @petetnt The current dependencies include a pinned version that has a security vulnerability. Can this please be reviewed so that we can resolve this issue?

@gregmarr gregmarr mentioned this pull request May 27, 2021
Closed
@stale
Copy link

stale bot commented Jun 26, 2021

This pull request has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs.

@stale stale bot added the stale label Jun 26, 2021
@gregmarr
Copy link

Not stale

@stale stale bot removed the stale label Jun 26, 2021
@mlegait
Copy link

mlegait commented Jul 15, 2021

Any news about this? 🙂

@Hypnosphi
Copy link

@mlegait if you're asking it because of npm audit, please read this:
#11174

@mlegait
Copy link

mlegait commented Jul 16, 2021

@Hypnosphi I was asking because of OWASP dependency-check, but it's clearly the same as npm audit.

Thank you for your answer. But I'm still curious, why block the version number? Why not add a ^?

@Hypnosphi
Copy link

@mlegait here's some explanation: #11174 (comment)

@dulmandakh
Copy link
Author

My motivation is to reduce duplicate dependencies in my projects with slight patch version difference.

@dulmandakh
Copy link
Author

@gaearon please review and merge

@tcirstea tcirstea mentioned this pull request Aug 31, 2021
Merged
@stale
Copy link

stale bot commented Jan 9, 2022

This pull request has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs.

@stale stale bot added the stale label Jan 9, 2022
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ianschmitz ianschmitz Awaiting requested review from ianschmitz

@iansu iansu Awaiting requested review from iansu

@mrmckeb mrmckeb Awaiting requested review from mrmckeb

@petetnt petetnt Awaiting requested review from petetnt

Assignees
No one assigned
Labels
CLA Signed stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dulmandakh @gregmarr @mlegait @Hypnosphi @facebook-github-bot