package[-lock].json: Update swagger-test-templates #3

Merged


DeeDeeG
Contributor

@DeeDeeG DeeDeeG commented Oct 16, 2019

Hi, as mentioned in a comment in the previous PR, I bumped dependencies over at swagger-test-templates.

By using this latest version of swagger-test-templates (1.6.0), people who add this package (swagger-node) in their projects will only have one remaining audit warning against it.


(dependencies I bumped over at swagger-test-templates were "lodash" and "json-schema-deref-sync --> mpath")

@DeeDeeG
Contributor Author

DeeDeeG commented Oct 16, 2019

I can narrow this PR down to just package.json if you want to leave package-lock.json the way it is.

Sorry for doing these PRs out of the blue. I've just been searching for a way to have up-to-date dependencies on the swagger package. And as we all know, upstream hasn't been accepting pull requests.

@maziyarpanahi
Member

Oh, no worries, I am glad you are making PRs and keeping this project up to date!

@maziyarpanahi maziyarpanahi merged commit 17b2b3b into multivacplatform:master Oct 16, 2019
@maziyarpanahi
Member

@DeeDeeG I have merged this into the master. Would you like me to bump the version to 0.8.4 and push it to NPM, or are you guys directly using the master?

@DeeDeeG
Contributor Author

DeeDeeG commented Oct 16, 2019

A version 0.8.4 would definitely be appreciated.

I ultimately have to see what the rest of the team is okay with, but I didn't even have a non-git-revision option until landing these pull requests here.

I was considering using the commit id from my "mocha to devdependencies" PR at upstream, since that commit is technically available in upstream's git repo. But if the team is okay using a fork, instead of upstream, this will definitely be the best option. Thank you for asking!

@DeeDeeG
Contributor Author

DeeDeeG commented Oct 16, 2019

For the record, upstream swagger only locks swagger-test-templates to "^1.2.0" (meaning >= 1.2.0, < 2), meaning one can already get updated swagger-test-templates 1.6.0 with upstream swagger.

This PR was necessary for this fork, as this fork locks swagger-test-templates to an exact version, previously 1.5.1.

This fork's advantage, in terms of audits [when depending on this package from an external package.json], is only moving mocha to devdependencies at the moment.
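
The difference described in the comment above between upstream's caret range and this fork's exact pin, as an added example that is not part of the thread or of swagger-node's code. It is a minimal caret matcher for plain MAJOR.MINOR.PATCH versions and does not replicate the full node-semver library; the `^0.8.4` case is constructed, and the post-PR exact pin `1.6.0` is assumed from the PR description.

```javascript
// Added illustration; not code from swagger-node or the npm CLI.
// Handles plain MAJOR.MINOR.PATCH versions only (no prerelease/build tags).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of a caret range: bump the left-most non-zero part.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// True if `version` is allowed by `spec` ("1.5.1" exact pin or "^1.2.0" caret).
function satisfies(version, spec) {
  const v = parseVersion(version);
  if (spec.startsWith("^")) {
    const low = parseVersion(spec.slice(1));
    return compare(v, low) >= 0 && compare(v, caretUpperBound(low)) < 0;
  }
  return compare(v, parseVersion(spec)) === 0;
}

// Can a fixed release be installed without editing package.json?
function fixReachable(spec, fixedVersion) {
  return satisfies(fixedVersion, spec);
}

const cases = [
  ["^1.2.0", "1.6.0"], // upstream swagger's range (from the comment)
  ["1.5.1", "1.6.0"],  // this fork's exact pin before the PR
  ["1.6.0", "1.6.0"],  // exact pin after the PR (assumed)
  ["^0.8.4", "0.9.0"], // constructed: caret on 0.x stops at the next minor
];
for (const [spec, fixed] of cases) {
  console.log(`${spec} admits ${fixed}: ${fixReachable(spec, fixed)}`);
}
```

An exact pin keeps installs reproducible but means every patched transitive release needs a PR like this one before `npm audit` stops flagging it for downstream users.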

@maziyarpanahi
Member

Perfect, thanks for your PRs. I published 0.8.4 with your PRs included on NPM 👍

@DeeDeeG
Contributor Author

DeeDeeG commented Oct 17, 2019

Thank you!
