Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

site: dep updates for bugfixes and webpack 5 #1111

Merged
merged 2 commits into from
Jul 7, 2021
Merged

Conversation

chappjc
Copy link
Member

@chappjc chappjc commented Jun 21, 2021

The audit failures came up recently, and the postcss vuln fix is available with stylelint now and the css-minimizer-webpack-plugin>svgo>css-select-css-what fix is available.

The package-lock.json update is committed as a dummy user in a separate commit, as I have done in the past.

A notable change from the Dart sass update is that it now complains about bootstrap using the / operator instead of math.div. This is fixed now in bootstrap 5, but it's just a warning. See twbs/bootstrap#34051 for discussion on this fairly contentious sass change. Still, we should look into bootstrap 5 at some point.

This also removes webpack-dev-server as that was never used with dex (or dcrdata where this was taken from).

@chappjc
Copy link
Member Author

chappjc commented Jun 21, 2021

@martonp I should have put this up sooner but I was waiting for some upstream fixes. Still not everything I was hoping for though. In any case, CI on your PR ended up working so it looks like it was a transient issue after all.

With these npm updates, I like to put the package-lock.json diff in a separate commit with a fake user as the author since otherwise it can be misleading when looking at commit history.

@martonp
Copy link
Contributor

martonp commented Jun 22, 2021

@chappjc Why is it misleading?

@chappjc
Copy link
Member Author

chappjc commented Jun 22, 2021

In terms of actual work done on a repository.

@chappjc
Copy link
Member Author

chappjc commented Jun 26, 2021

svgo just got patched so now npm audit passes.

@chappjc chappjc marked this pull request as ready for review June 26, 2021 18:59
@JoeGruffins
Copy link
Member

In terms of actual work done on a repository.

imo super not important, besides, there would be not repository w/o you
imo don't waste you time on fake users

Copy link
Member

@JoeGruffins JoeGruffins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Builds and runs well. Also see the deprecated warnings about slashes.

@amass01
Copy link
Member

amass01 commented Jun 28, 2021

In terms of actual work done on a repository.

imo super not important, besides, there would be not repository w/o you
imo don't waste you time on fake users

💯

@chappjc chappjc merged commit c4b1df0 into decred:master Jul 7, 2021
@chappjc chappjc deleted the npm-ups branch July 7, 2021 04:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants