Clean dependencies and vulnerability warnings #419
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Merge changes from tunnelvisionlabs/antlr4ts
Modern versions of NPM report security about a dozen vulnerabilities in the deendencies we are importing. It turns out that the majority of them (all but 2) were indirectly the result of a dependency on package typedoc, which we weren't really using anyway.
This remove one more known vulneraility warning from NPM.
This gets the latest upward-compatible versions of build dependencies, including typescript up to v2.9.2. Still has full tests (622) passing. Done as a final step before moing to typescript@3.
|
stale |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Modern versions of NPM are reporting security vulnerabilities among our build-time dependencies. This PR installs build infrastructure upgrades, including the latest compatible versions of tools we are using, and an upgrade to version 3.0 o the typescript compiler.
Note that TypeScript 3.0 adds a project dependency feature that should allow further cleanup of our build process to eliminate additional the kludges in the build process, including use of the NPM link command. Instead with 3.0 we can make explicit references between sub-projects, but this is not yet done.
Upgrading to TypeScript 3.1 and above is postponed to troubleshoot related errors, hopefully these go away we make use of the TypeScript project dependency feature.