Bump dev deps 2019-02-10 #3532

Merged
merged 3 commits into from
Feb 11, 2019

etpinard
Contributor

fixing this low-severity security alert

image

https://github.com/plotly/plotly.js/network/alert/package-lock.json/lodash/open

going from

image

to

image

and bumping a few other dev deps along the way.

cc @plotly/plotly_js

Contributor

@archmoj archmoj left a comment

@etpinard Thanks for the PR.
Please find my comment below.

@@ -4047,7 +4110,8 @@
"ansi-regex": {
"version": "2.1.1",
"bundled": true,
"dev": true
"dev": true,
"optional": true
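
Review bot: the added `"optional": true` on the bundled `ansi-regex` 2.1.1 entry comes with no version change in this hunk, so it is lockfile metadata rather than a dependency bump. Note in the PR description which npm version regenerated package-lock.json, so that reviewers running `npm i` get the same file and can tell this churn apart from real upgrades.
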
Contributor

I've got a difference when I `npm i`.
It seems we could remove this line (`"optional": true`) as well as a few others below.
@etpinard please let me know if you wanted me to push a commit to remove those?

Contributor Author

Which version of npm are you using? I'm on 6.7.0

Contributor

My npm version is at 6.4.1

Contributor Author

Can you bump your npm version to 6.7.0 and try npm i again?

Contributor

Cool! With 6.7.0 I've got no difference.

Contributor

archmoj commented Feb 11, 2019

Just as another note, this is the only difference I noticed between the current master and the new publish, which should be OK.
screenshot from 2019-02-10 19-42-42

Contributor Author

etpinard commented Feb 11, 2019

> Just as another note, this is the only difference I noticed between the current master and the new publish, which should be OK.

Those are just randomly-generated string ids. This PR only upgrades dev dependencies, so yeah we're good.

Contributor

archmoj commented Feb 11, 2019

@etpinard Thanks for the PR.
Well done.
💃

@etpinard etpinard merged commit 59405d8 into master Feb 11, 2019
@etpinard etpinard deleted the bump-dev-deps-2019-02-10 branch February 11, 2019 15:30
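
The check the reviewers did by hand in this thread, separating lockfile metadata churn such as the added `"optional": true` from actual dependency changes, can be scripted. The following is an added example, not code from plotly.js or from this PR; it assumes the lockfileVersion 1 layout (nested `dependencies`) written by npm 6, and the function names, the `example-parent` package and all version and integrity values are constructed.

```javascript
// Added example: classify differences between two package-lock.json trees
// (lockfileVersion 1 layout: nested "dependencies" objects).

// Flatten nested "dependencies" into a Map keyed by install path.
function flatten(deps, prefix = '', out = new Map()) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const path = prefix ? `${prefix} > ${name}` : name;
    out.set(path, entry);
    flatten(entry.dependencies, path, out);
  }
  return out;
}

const CODE_KEYS = ['version', 'resolved', 'integrity']; // change => different code
const FLAG_KEYS = ['dev', 'optional', 'bundled'];       // change => metadata only

function classifyLockDiff(oldLock, newLock) {
  const a = flatten(oldLock.dependencies);
  const b = flatten(newLock.dependencies);
  const report = { added: [], removed: [], resolved: [], flagsOnly: [] };
  for (const [path, next] of b) {
    const prev = a.get(path);
    if (!prev) { report.added.push(path); continue; }
    if (CODE_KEYS.some(k => prev[k] !== next[k])) {
      report.resolved.push(path);
    } else if (FLAG_KEYS.some(k => Boolean(prev[k]) !== Boolean(next[k]))) {
      report.flagsOnly.push(path);
    }
  }
  for (const path of a.keys()) if (!b.has(path)) report.removed.push(path);
  return report;
}

// Constructed sample: one real upgrade and one flag-only change.
const before = { dependencies: {
  lodash: { version: '0.0.1', integrity: 'sha512-CONSTRUCTED-OLD', dev: true },
  'example-parent': { version: '1.0.0', dev: true, dependencies: {
    'ansi-regex': { version: '2.1.1', bundled: true, dev: true } } } } };
const after = { dependencies: {
  lodash: { version: '0.0.2', integrity: 'sha512-CONSTRUCTED-NEW', dev: true },
  'example-parent': { version: '1.0.0', dev: true, dependencies: {
    'ansi-regex': { version: '2.1.1', bundled: true, dev: true, optional: true } } } } };

console.log(classifyLockDiff(before, after));
```

Entries under `resolved`, `added` and `removed` are the ones that change what gets installed and deserve review; entries under `flagsOnly` are the kind of difference discussed in this thread.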