Bump karma-related dependencies #119
Conversation
I'm seeing odd errors in versions of Karma more recent than 3.0.0. While I investiage, I'd like to see what Github has to say about these dependencies (we got some vulnerability messages for earlier versions)
|
Specifically Karma expects preprocessors to return a "files" object that has fields including "encodings" as of 3.1.0 and the karma-closure plugin (https://www.npmjs.com/package/karma-closure) is quite old + not maintained, and as a result doesn't conform to the new API. So, if we use versions >=3.1.0 of Karma, it throws an exception when running the closure preprocessor. |
There was a problem hiding this comment.
OK I'm not sure I completely understand what you want to do. What does "what GitHub has to say about dependencies" mean? GitHub doesn't do vulnerability scans, does it? Also are we using the karma-closure plugin? If we are and the plugin is not compatible with Karma 3.1.0, why would we want to bump the version?
Reviewed 2 of 2 files at r1.
Reviewable status:complete! all files reviewed, all discussions resolved
There was a problem hiding this comment.
Did you not get these emails about a potential security vulnerability in NPM packages?
We are using the karma-closure plugin--I'm explaining the reasoning why we cannot bump Karma past 3.0.0
Reviewable status:
There was a problem hiding this comment.
Reviewable status:
There was a problem hiding this comment.
I verified that this fixes the issues that Github identified -- it brings all those dependencies' versions into a proper state, at least according to those emails
Reviewable status:
I'm seeing odd errors in versions of Karma more recent than 3.0.0. While
I investiage, I'd like to see what Github has to say about these
dependencies (we got some vulnerability messages for earlier versions)
This change is