New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependencies and prune lock files #120
Comments
so at the current moment there are alerts regarding minimist 0.0.8 for root and backend package.json files.
comes from eslint 6.8.0 and it's the latest release of eslint - it actually uses this old version of mkdirp https://github.com/eslint/eslint/blob/v6.8.0/package.json#L75 should be resolved with this one eslint/eslint#13050 - then we can update eslint or we can wait for dependabot to do... :) |
for backend/package.json:
Used by node-pg-migrate as you see but actually this is strange for me because the package uses ~1.0.0 of mkdirp - https://github.com/salsita/node-pg-migrate/blob/master/package.json#L48 that doesn't use minimist at all https://github.com/isaacs/node-mkdirp/blob/v1.0.0/package.json... I tried to reinstall but still I get old mkdirp in package-lock.json. |
for node-pg-migrate - the problem is that in tgz package we still use mkdirp 0.5.0 therefore npm keeps installing it with minimist. |
- Update node-pg-migrate - Reinstall eslint - npm audit fix for ts-jest
gh-120: Update node-pg-migrate, remove unused nedb
still need to run npm audit fix in frontend and root folders |
https://github.com/salsita/foosball-rating/network/alerts points to the problems and they are two fold.
deps need to be updated
we seem to be using both package-lock and yarn-lock. Let's delete one of them (and put it in gitignore) and be consistent
The text was updated successfully, but these errors were encountered: