Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
CB-14145 resolve npm audit issues in patch fix #281
What does this PR do?
What testing has been done on this change?
CI testing done:
Why are so many additional libraries now listed there?
was this somewhere decided to how Cordova should handle
What does this mean? Won't these commits get merged to master as well?
Is it correct that RELEASENOTES don't have a 6.0.1 entry here?
Keep npm install behavior as predictable as possible.
With node_modules installed by newer version of npm (comes with non-deprecated version of Node.js), additional libraries need to be listed to work on Node.js 4. We know that Node.js 4 is deprecated but should not be dropped in a patch release:-(
I think this was discussed in document on dev list for next major release (not sure). But I think we do not want to introduce this file in patch release, that is why I added it to .gitignore.
A combination of updated dependencies and npm from non-deprecated version of Node.js results in such a massive change to node_modules that it seems cleanest to remove old node_modules before making the update.
The changes proposed here are tailored specifically to the patch release in the 6.0.x branch. A number of changes are needed in node_modules since we should not drop Node.js 4 in a patch release. But I think we do not want all of these changes in the master branch.
I think we want to take a cleaner approach in the master branch: drop Node.js 4 support, remove committed node_modules, and target the next major release.
I would be happy to add a note to some of the commits with the reason why we do not want them in the master branch.
Yes I did not do that part yet. (I think it should be in another JIRA task according to https://github.com/apache/cordova-coho/blob/master/docs/platforms-release-process.md.)