Update package.json #114
Closed
Update package.json #114
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes #113
removing trailing comma.
|
@Abhijay007 @JustinCappos I created a pull request to fix those pesky dependency vulnerabilities from dependabot. Everything looks to be working fine after following the suggestion of manually updating the trim and got packages. |
|
Phil I think we can add `yarn.lock` file to the `.gitignore` as there is no
need of that, once people install dependencies using`yarn install` it will
be auto generated for them, It will be great if in our documentation we
mention that we use yarn for installing node modules and one should use
yarn instead or npm for that purpose as we originally used yarn for the
node dependencies.
…On Mon, 30 Oct 2023, 20:13 Philip Lapczynski, ***@***.***> wrote:
@Abhijay007 <https://github.com/Abhijay007> @JustinCappos
<https://github.com/JustinCappos> I created a pull request to fix those
pesky dependency vulnerabilities from dependabot. Everything looks to be
working fine after following the suggestion of manually updating the trim
and got packages.
—
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APLHP3XVKSVMQSDWC4PI6ATYB64IHAVCNFSM6AAAAAA6WDWGBWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOBVGM3DSOJWGA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
@Abhijay007 according this this it is best practice to version your yarn.lock. https://stackoverflow.com/questions/39990017/should-i-commit-the-yarn-lock-file-and-what-is-it-for Having the traceability in the repository helps prevent 'works on my machine' bugs. |
|
Ya according to this It's LGTM
…On Mon, 30 Oct 2023, 21:15 Philip Lapczynski, ***@***.***> wrote:
@Abhijay007 <https://github.com/Abhijay007> according this this it is
best practice to version your yarn.lock.
https://stackoverflow.com/questions/39990017/should-i-commit-the-yarn-lock-file-and-what-is-it-for
—
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APLHP3UHSYPI63AG5PUPH7TYB7DRFAVCNFSM6AAAAAA6WDWGBWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOBVGUYDAOBSHE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Here is the docu from the official yarn site about it... Check into source controlAll yarn.lock files should be checked into source control (e.g. git or mercurial). This allows Yarn to install the same exact dependency tree across all machines, whether it be your coworker’s laptop or a CI server. Framework and library authors should also check yarn.lock into source control. Don’t worry about publishing the yarn.lock file as it won’t have any effect on users of the library. |
|
Ya this makes much sense now, thanks for sharing we can keep the yarn.lock
files
…On Mon, 30 Oct 2023, 21:22 Philip Lapczynski, ***@***.***> wrote:
Here is the docu from the official yarn site about it...
Check into source control
All yarn.lock files should be checked into source control (e.g. git or
mercurial). This allows Yarn to install the same exact dependency tree
across all machines, whether it be your coworker’s laptop or a CI server.
Framework and library authors should also check yarn.lock into source
control. Don’t worry about publishing the yarn.lock file as it won’t have
any effect on users of the library.
See https://yarnpkg.com/blog/2016/11/24/lockfiles-for-all/.
—
Reply to this email directly, view it on GitHub
<#114 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APLHP3QZWNR7S4HIDZP4SUTYB7EKZAVCNFSM6AAAAAA6WDWGBWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOBVGUYTINRVGU>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary of Changes
Created dependency resolutions to fix the following dependabot alerts.
https://github.com/uptane/uptane.github.io/security/dependabot/1
https://github.com/uptane/uptane.github.io/security/dependabot/2
Related Issue
Closes #113
Checklist
Screenshots (if applicable)
Attach any screenshots or images related to the changes.
Additional Context
Add any additional context or information that might be helpful for reviewers.
Reviewer(s)
@mention any specific reviewers or tag relevant team members.