Dependency bump cordova-common@^3.0.0 #69
Conversation
|
Are we intentionally committing package-lock.json in this repo? If so, it might be worth deleting and regenerating it because I'm not sure the diff here is accurate... |
| }, | ||
| "acorn-jsx": { | ||
| "version": "3.0.1", | ||
| "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-3.0.1.tgz", | ||
| "resolved": "http://registry.npmjs.org/acorn-jsx/-/acorn-jsx-3.0.1.tgz", |
There was a problem hiding this comment.
As a minor comment, I find it strange that it goes from https to http here. Looks like something that should be fixed in the npm tooling.
There was a problem hiding this comment.
Yeah, that's a known npm bug. It doesn't really matter because npm always uses HTTPS for fetching from the registry, but they're still trying to track down why it happens.
|
I recall the package-lock was regenerated, but I deleted the As for I know there is an open-ended discussion about if these files should be committed or not. As I said before, I am still in favor for committing them. But in this case, it was already committed and I only updated the existing file. |
Yes, I think we reached agreement in the following discussions in the past:
There was some dissent, mostly from a non-member. I did raise some questions and minor concerns. I did commit package-lock.json in a few places despite my own concerns since everyone else seemed to want it. In case of any further questions or concerns I would favor discussing in the existing thread or a new issue. |
Platforms affected
osx
What does this PR do?
Updates the cordova-common dependency to ^3.0.0.
What testing has been done on this change?