Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: update configstore to include patched legacy dot-prop #187

Closed
wants to merge 64 commits into from
Closed

build: update configstore to include patched legacy dot-prop #187

wants to merge 64 commits into from

Conversation

cmdcarini
Copy link

This continues the work from sindresorhus/configstore#72 and sindresorhus/dot-prop#61 and updates update-notifier to include these changes.

Please merge to a branch other than master and publish to v2.5.1

sindresorhus and others added 30 commits August 16, 2020 15:07
@sindresorhus @cmdcarini
0.3.2
d120a8d
@kevva @cmdcarini
Respect the --no-update-notifier flag
17f08be 
Fixes #50.
@sindresorhus @cmdcarini
replace custom fill fn with faster repeat fn
25c127f
@sindresorhus @cmdcarini
0.4.0
a539cd3
@kemitchell @cmdcarini
use a valid SPDX license identifier
a54021e
@sindresorhus @cmdcarini
bump deps
08af9a7
@sindresorhus @cmdcarini
0.5.0
abcaf19
@cmdcarini
Use minimal pkg instead of full package.json
9c43311 
We rewrite `options.pkg` to hold only the information we need (name and
version). So when we call node with check.js we no longer pass the
entire content of package.json as a command line argument.

This resolves #57.
@sindresorhus @cmdcarini
tweaks
dc6be5e
@sindresorhus @cmdcarini
add XO
3f7dddb 
https://github.com/sindresorhus/xo
@sindresorhus @cmdcarini
bump deps
5b68c19 
fixes #62
@SBoudrias @cmdcarini
0.6.0
22a1869
@sindresorhus @cmdcarini
improve the update notification message
bd42d57 
And extract most of the code into a separate module.
@sindresorhus @cmdcarini
0.6.1
3b7adb6
@LinusU @cmdcarini
fix typo
04f9fae
@sindresorhus @cmdcarini
0.6.2
d13a0f3
@radiovisual @cmdcarini
Update number of update-notifier users
313a7ac 
The number of modules pulling update-notifier in as a dependency has ballooned from 100+ to [600+](https://www.npmjs.com/browse/depended/update-notifier?offset=606)
@nikeee @cmdcarini
Change configstore dependency version to 2.0.0
949cfef
@sindresorhus @cmdcarini
remove package.json junk introduced in #73
1c13a77
@SBoudrias @cmdcarini
0.6.3
bcf631b
@sindresorhus @cmdcarini
meta tweaks
c818c90
@nexdrew @cmdcarini
feat: handle configstore error gracefully (#79)
8f13e69
@callumlocke @cmdcarini
show message on sigint as well as exit (#75)
dbb3c57 
fixes #74
@SBoudrias @cmdcarini
0.7.0
b460fc8
@nexdrew @cmdcarini
feat: center-align message via boxen@0.6.0 (#84)
bf005cc 
* feat: center-align message via boxen@0.6.0

* test: simplify use of clear-require
@matheuss @cmdcarini
Add options to customize the notification message (#83)
4d2183e
@SBoudrias @cmdcarini
1.0.0
efd29cc
@nexdrew @cmdcarini
docs: add align: 'center' to default boxenOpts (#86)
e817f00
@nexdrew @cmdcarini
docs: h3 -> h4 for options.boxenOpts (#87)
2b6e7bb
@sindresorhus @cmdcarini
fix XO lint issues
18d83c8
wtgtybhertgeghgtwtg and others added 27 commits August 16, 2020 15:07
@wtgtybhertgeghgtwtg @cmdcarini
Bump minimum supported node version to node@4. (#102)
08f01a4
@sindresorhus @cmdcarini
Update dependencies
9ea68d4
@sindresorhus @cmdcarini
Improve readme
ef32407
@sindresorhus @cmdcarini
ES2015ify
551914e
@sindresorhus @cmdcarini
2.0.0
fbda8c5
@colingourlay @cmdcarini
Add option to exclude -g argument from default update message (#105)
b8701b3
@sindresorhus @cmdcarini
2.1.0
f6f647a
@mischah @cmdcarini
Add npm as »reference« (#108)
5d85d18 
… see: npm/npm@148ee66
@sindresorhus @cmdcarini
Meta tweaks
4b24b5b
@wejendorp @cmdcarini
Bail if notify is disabled (#110)
f3e30c5 
Avoids initializing configStore and related errors if environment variable or argv disables notifier.
@SBoudrias @cmdcarini
2.2.0
ad4f1b6
@develar @cmdcarini
Update chalk to 2.0.1 (#117)
9d31fc7
@timdeschryver @cmdcarini
Move to AVA for testing (#121)
5b4412b
@sindresorhus @cmdcarini
Meta tweaks
1a2bd7e
@timdeschryver @cmdcarini
Add is-installed-globally for auto-detection (#114)
4514848
@sindresorhus @cmdcarini
package.json indentation
15ef71c
@sindresorhus @cmdcarini
Force bump boxen dependency
65d7009 
Fixes #125
@sindresorhus @cmdcarini
2.3.0
6ef4e2d
@meain @cmdcarini
Fix typo in README (#128)
4a87e5d
@SimenB @cmdcarini
Disable on CI (#116)
da8e76f
@sindresorhus @cmdcarini
Update URL to XO
5a2a529
@willnode @cmdcarini
Fix URI Scheme in package.json (#136)
f786a5e
@sindresorhus @cmdcarini
Add license file
a3f545e
@sindresorhus @cmdcarini
2.4.0
d16dc56
@alexccl @cmdcarini
Add ability to bypass isNpm check with shouldNotifyInNpmScript opti…
084b648 
…on (#127)

* Added ability to bypass isNpm with 'shouldNotifyInNpmScript' option

* Updated readme with option

* Fixed grammatical error in readme

* Rename skipIsNpmCheck to shouldNotifyInNpmScript

* Refactored test to use renamed shouldNotifyInNpmScript property
@SBoudrias @cmdcarini
2.5.0
83075f3
@cmdcarini
build: update configstore to patched version of legacy dot-prop
c442aba
@cmdcarini cmdcarini mentioned this pull request Aug 16, 2020
Closed
@ruyadorno
Copy link

Given that dot-prop is a transitive dependency and the configstore declaration in the package.json file uses the caret range definition, this change is not really needed.

Any consumer of update-notifier just needs to run npm audit fix OR npm install update-notifier@2.5.0 in order to fix the vulnerability warning from dot-prop.

Thanks for the contribution! 😊

@ruyadorno ruyadorno closed this Aug 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.