Update debug package to version 4.0.0 #94

Closed
ryanelian opened this issue Sep 11, 2018 · 5 comments

Comments

@ryanelian

I am getting warnings in my CI due to updated debug package:

warning axios > follow-redirects > debug@3.2.4: `debug` versions 3.2.0-3.2.2 break Node 4. Users of node LTS and onward (modern Node versions): please upgrade to `debug@4` or above as soon as possible. Node 4 users: please pin to `debug@>=3.2.3 <4` as it will be the last version range that supports Node@4.

The debug project recommends a package update to version 4.0.0 to mitigate vulnerabilities and improve performance.

@RubenVerborgh
Collaborator

RubenVerborgh commented Sep 11, 2018 via email

@ryanelian
Author

ryanelian commented Sep 11, 2018

They botched 3.2.3

The versions that were released are as follows:

    3.2.0 - original faulty release (deprecated)
    3.2.1 - fixed a 'typical' regression for browser users (deprecated but changes are included in 4.0.0)
    3.2.2 - mitigation for users of Node 4 who were seeing failed downloads by babel-ifying the source code to be IE8 compatible (as is used by the browser distribution build script) (deprecated)
    3.2.3 - mitigation for users that required debug/node imports - faulty (missing "files" entry in package.json) (deprecated)
    3.2.4 - fix for 3.2.3, adding ./node.js to the "files" key in package.json (deprecated)
    4.0.0 - duplicate of 3.2.1 (latest, recommended version)

You should just pin exact version 3.1.0 to make the warnings go away, then.

@RubenVerborgh
Collaborator

RubenVerborgh commented Sep 11, 2018

On second thought, I think your next CI build should be alright actually. You probably only saw errors because faulty versions were temporarily online. New installs should now use 3.2.4, which is fine with Node 4. Nonetheless, I'm pinning to 3.1.0 just in case, and will use 4.x once we drop Node 4.

@ryanelian
Author

> Nonetheless, I'm pinning to 3.1.0 just in case, and will use 4.x once we drop Node 4.

Thanks, I appreciate the speedy response. Our builds with axios dependency have no more warnings thanks to follow-redirects version 1.5.8.

> New installs should now use 3.2.4, which is fine with Node 4

Actually, 3.2.4 is the one causing that warning message...


@RubenVerborgh
Collaborator

Mmm bad decision on their part. Fixed then.
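
Added example (not code from this thread, follow-redirects, or debug): a small resolver showing why a floating range picks up the deprecated 3.2.4 release and triggers the CI warning, while the exact pin to 3.1.0 does not. The `^3.1.0` range is an assumed dependency declaration, the release table is constructed from the list quoted in the thread, and `satisfies`, `resolve` and `auditRanges` are hypothetical helpers.

```javascript
// Constructed sample: release statuses as listed in this thread for `debug`.
// Assumption: 3.1.0 is not deprecated, since pinning it silenced the warning.
const RELEASES = {
  '3.1.0': { deprecated: false },
  '3.2.0': { deprecated: true },
  '3.2.1': { deprecated: true },
  '3.2.2': { deprecated: true },
  '3.2.3': { deprecated: true },
  '3.2.4': { deprecated: true },
  '4.0.0': { deprecated: false },
};

const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Minimal range matcher: exact "x.y.z", or caret "^x.y.z" with x >= 1.
// Hypothetical helper; real installers implement the full semver grammar.
function satisfies(version, range) {
  if (!range.startsWith('^')) return cmp(version, range) === 0;
  const base = range.slice(1);
  return parse(version)[0] === parse(base)[0] && cmp(version, base) >= 0;
}

// Pick the highest release matching the range, as a fresh install would,
// and report whether that release carries a deprecation notice.
function resolve(range, releases = RELEASES) {
  const matches = Object.keys(releases)
    .filter((v) => satisfies(v, range))
    .sort(cmp);
  if (matches.length === 0) return { range, version: null, deprecated: false };
  const version = matches[matches.length - 1];
  return { range, version, deprecated: releases[version].deprecated };
}

// Return only the ranges that would produce a deprecation warning in CI.
function auditRanges(ranges) {
  return ranges.map((r) => resolve(r)).filter((r) => r.deprecated);
}

console.log(resolve('^3.1.0')); // floating range
console.log(resolve('3.1.0'));  // exact pin
console.log(auditRanges(['^3.1.0', '3.1.0', '^4.0.0']));
```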
