-
Notifications
You must be signed in to change notification settings - Fork 320
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump iframe-resizer from 4.3.9 to 4.4.2 #5035
Conversation
📋 StatsFile sizes
Modules
View stats and visualisations on the review app Action run for ca00133 |
I don't think there's anything too suspicious going on, but the changes between 4.3.9 and 4.4.2 are a bit all over the place… there's no entries for 4.4.x in the changelog on either the I can't see anything particularly important in the diff other than a large postinstall message advertising a new v5 release (although I believe postinstall scripts run in the background since npm v7). It does look like the license has changed from MIT to GPL v3 as part of the v5 release. According to the iframe resizer website this means that our project would also need to be published under GPL v3, which I think means we'll need to stay on v4 for now. Overall I'm inclined to close this? |
553e9e3
to
4552777
Compare
Adding to Ollie's comment above with my 2 pence: In short I agree with Ollie that it's a bit messy and that their priority appears to now be v5 with support for v4. I don't see anything here to suggest we shouldn't merge it but I'm deffinately not gonna die on that hill. It's probably simpler to close it. It also throws doubt on if we should continue using iframe resizer if we can get away without it. It feels to me like managing this may just lead to a bunch of headaches... |
Depending on where you look, 4.4.2 advertises either:
I agree with closing given the uncertainty 😊 We should also:
|
Looks like the 'package.json' license is incorrect actually. That would make it OK to keep receiving 4.x updates, as it's only 5.x that's GPL licensed, I believe. That being said, not updating any further is safer. |
4552777
to
ca5a5b0
Compare
ca5a5b0
to
626b2d5
Compare
Bumps [iframe-resizer](https://github.com/davidjbradshaw/iframe-resizer) from 4.3.9 to 4.4.2. - [Release notes](https://github.com/davidjbradshaw/iframe-resizer/releases) - [Changelog](https://github.com/davidjbradshaw/iframe-resizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/davidjbradshaw/iframe-resizer/commits) --- updated-dependencies: - dependency-name: iframe-resizer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
626b2d5
to
ca00133
Compare
Superseded by #5125. |
Bumps iframe-resizer from 4.3.9 to 4.4.2.
Commits
You can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)