Skip to content

Update dependencies #1170

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 14, 2020
Merged

Update dependencies #1170

merged 1 commit into from
Mar 14, 2020

Conversation

dcodeIO
Copy link
Member

@dcodeIO dcodeIO commented Mar 14, 2020

This is basically #1168, but keeps the duplicate dependencies/devDependencies so we still support installing --prod from GH. Also upgraded upstream dependencies of our dependencies and uses my package-lock, which differs between OSes, as ground truth.

@dcodeIO dcodeIO requested a review from MaxGraey March 14, 2020 10:10
@MaxGraey
Copy link
Member

But I'm not sure is it necessary support npm i AssemblyScript/assemblyscript today? When we have daily night builds?

@dcodeIO
Copy link
Member Author

dcodeIO commented Mar 14, 2020

This again makes me wonder a bit about the usefulness of committing a package-lock. While it prevents unintended breaking changes, it also has the downside that if there is a vulnerable package the exact version of the package becomes pinned, even though just reinstalling dependencies would fix this. Like, ts-node depends on minimist ~1.2.0, which would upgrade just fine to 1.2.5, but is prevented by package-lock?!

@dcodeIO
Copy link
Member Author

dcodeIO commented Mar 14, 2020

But I'm not sure is it necessary support npm i AssemblyScript/assemblyscript today? When we have daily night builds?

It's certainly exotic, yet is easy to support and might be useful if someone wants to install a specific PR from a forked branch for testing that isn't merged yet. Let's say you fork, make changes, perhaps not even a PR, then I could install that exact forked branch via GH for a quick test run.

@dcodeIO dcodeIO merged commit 58e7fd3 into master Mar 14, 2020
@dcodeIO dcodeIO mentioned this pull request Mar 14, 2020
Closed
@dcodeIO dcodeIO deleted the deps branch March 15, 2020 13:34
@ekmixon ekmixon mentioned this pull request Nov 5, 2022
Open
@MaxMood96 MaxMood96 mentioned this pull request Nov 5, 2022
Open
@MaxMood96 MaxMood96 mentioned this pull request Dec 25, 2022
Open
@ekmixon ekmixon mentioned this pull request Dec 26, 2022
Open
@MaxMood96 MaxMood96 mentioned this pull request Jun 23, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MaxGraey MaxGraey MaxGraey approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dcodeIO @MaxGraey