-
Notifications
You must be signed in to change notification settings - Fork 270
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump karma-related dependencies #119
Conversation
I'm seeing odd errors in versions of Karma more recent than 3.0.0. While I investiage, I'd like to see what Github has to say about these dependencies (we got some vulnerability messages for earlier versions)
Specifically Karma expects preprocessors to return a "files" object that has fields including "encodings" as of 3.1.0 and the karma-closure plugin (https://www.npmjs.com/package/karma-closure) is quite old + not maintained, and as a result doesn't conform to the new API. So, if we use versions >=3.1.0 of Karma, it throws an exception when running the closure preprocessor. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK I'm not sure I completely understand what you want to do. What does "what GitHub has to say about dependencies" mean? GitHub doesn't do vulnerability scans, does it? Also are we using the karma-closure plugin? If we are and the plugin is not compatible with Karma 3.1.0, why would we want to bump the version?
Reviewed 2 of 2 files at r1.
Reviewable status: complete! all files reviewed, all discussions resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you not get these emails about a potential security vulnerability in NPM packages?
We are using the karma-closure plugin--I'm explaining the reasoning why we cannot bump Karma past 3.0.0
Reviewable status: complete! all files reviewed, all discussions resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! all files reviewed, all discussions resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I verified that this fixes the issues that Github identified -- it brings all those dependencies' versions into a proper state, at least according to those emails
Reviewable status: complete! all files reviewed, all discussions resolved
I'm seeing odd errors in versions of Karma more recent than 3.0.0. While
I investiage, I'd like to see what Github has to say about these
dependencies (we got some vulnerability messages for earlier versions)
This change is