Bump iframe-resizer from 4.3.9 to 4.4.2 #5035
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
dependencies
📋 StatsFile sizes
Modules
View stats and visualisations on the review app Action run for ca00133 |
|
I don't think there's anything too suspicious going on, but the changes between 4.3.9 and 4.4.2 are a bit all over the place… there's no entries for 4.4.x in the changelog on either the I can't see anything particularly important in the diff other than a large postinstall message advertising a new v5 release (although I believe postinstall scripts run in the background since npm v7). It does look like the license has changed from MIT to GPL v3 as part of the v5 release. According to the iframe resizer website this means that our project would also need to be published under GPL v3, which I think means we'll need to stay on v4 for now. Overall I'm inclined to close this? |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/iframe-resizer-4.4.2
branch
from
553e9e3
to
4552777
Compare
|
Adding to Ollie's comment above with my 2 pence: In short I agree with Ollie that it's a bit messy and that their priority appears to now be v5 with support for v4. I don't see anything here to suggest we shouldn't merge it but I'm deffinately not gonna die on that hill. It's probably simpler to close it. It also throws doubt on if we should continue using iframe resizer if we can get away without it. It feels to me like managing this may just lead to a bunch of headaches... |
|
Depending on where you look, 4.4.2 advertises either:
I agree with closing given the uncertainty 😊 We should also:
|
|
Looks like the 'package.json' license is incorrect actually. That would make it OK to keep receiving 4.x updates, as it's only 5.x that's GPL licensed, I believe. That being said, not updating any further is safer. |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/iframe-resizer-4.4.2
branch
from
4552777
to
ca5a5b0
Compare
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/iframe-resizer-4.4.2
branch
from
ca5a5b0
to
626b2d5
Compare
Bumps [iframe-resizer](https://github.com/davidjbradshaw/iframe-resizer) from 4.3.9 to 4.4.2. - [Release notes](https://github.com/davidjbradshaw/iframe-resizer/releases) - [Changelog](https://github.com/davidjbradshaw/iframe-resizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/davidjbradshaw/iframe-resizer/commits) --- updated-dependencies: - dependency-name: iframe-resizer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/iframe-resizer-4.4.2
branch
from
626b2d5
to
ca00133
Compare
Bumps iframe-resizer from 4.3.9 to 4.4.2.
Commits
You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)