New major release 4 #53
Merged
The real change leading to this major version increase will follow.
This decision has been made due to soon ending security support for versions 14 and 16. From now on it is not guaranteed any more that this tool will work under NodeJS < v16.
This updates the file format of the package-lock.json from lockfileVersion 1 to lockfileVersion 2 as well as some dependencies:

```
npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile

removed 3 packages, and audited 491 packages in 24s

65 packages are looking for funding
run `npm fund` for details

flat <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - GHSA-2j2x-2gpw-g8fm
fix available via `npm audit fix --force`
Will install jenkins-mocha@6.0.0, which is a breaking change
node_modules/flat
yargs-unparser <=1.6.3
Depends on vulnerable versions of flat
node_modules/yargs-unparser
mocha 5.1.0 - 9.2.1
Depends on vulnerable versions of minimatch
Depends on vulnerable versions of yargs-unparser
node_modules/mocha
jenkins-mocha >=7.0.0
Depends on vulnerable versions of mocha
node_modules/jenkins-mocha

minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - GHSA-f8q6-p94x-37v3
fix available via `npm audit fix --force`
Will install jenkins-mocha@6.0.0, which is a breaking change
node_modules/mocha/node_modules/minimatch

5 vulnerabilities (2 high, 3 critical)
```
Alas, I definitely let this hang loose too much. I should use a release checklist. But in order to think of it, I would need a think-of checklist. Vicious circle.
I just realized that this project now has a SECURITY.md file. Never heard of it before, but I love the idea and obviously have to get informed about how this thing works. Hopefully there is some kind of automation on GitHub's side for it?!
I don't know why I did not have it from the beginning on - I love .editorconfig files! It was about time to add it to this project.
Unfortunately, this detail does not really do what I want it to, but maybe it's also a gift for now, as it does not prevent older NodeJS and npm versions from working with release 4.0.0, which will of course work. But still, since package.json offers this kind of information, I make use of it. Also, I re-ordered the attributes of the JSON file, as I felt that the dependencies should go last. Might be that I (or you) will change my mind on this again.
This was missing, I found.
These were missing, I found.
This is a preparation for the introduction of ESLint.
From now on, lint-staged should run PrettierJS and ESLint before every commit. This is what we need.
The pre-commit-hook should run lint-staged every time someone wants to commit a file to the project.
I don't know - this new thing takes way too much time on every commit, it seems. I probably will have to improve this pre-commit hook.