fix(deps): replace taffydb with @jsdoc/salty #117

Merged (1 commit) on Apr 27, 2023

@hegemonic commented Apr 25, 2023

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

`taffydb` has issues. It's unclear what license it uses, and it has an alleged "security vulnerability" that's completely bogus but nonetheless causes `npm audit` to squawk. See https://github.com/jsdoc/jsdoc/blob/main/packages/jsdoc-salty/README.md for details about both issues.

This PR replaces `taffydb` with `@jsdoc/salty`, a drop-in replacement for `taffydb` that's licensed under the Apache License 2.0. It has no known security issues, bogus or otherwise.

To test this PR, I generated docs for JSDoc 4.x using this template:

```
git clone https://github.com/jsdoc/jsdoc
cd jsdoc
git checkout releases/4.0
npm install
node jsdoc.js jsdoc.js lib/jsdoc/* -t ../jsdoc-fresh
```

@hegemonic requested a review from a team as a code owner April 25, 2023 05:05
@product-auto-label bot added the `size: xs` label (Pull request size is extra small.) Apr 25, 2023
@sofisl merged commit 27447a5 into googleapis:main Apr 27, 2023
10 checks passed
@hegemonic deleted the taffydb branch April 27, 2023 23:49
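
A check a maintainer could run after a swap like this one, to confirm that `taffydb` is gone from the resolved dependency tree (including nested copies pulled in by other packages) and not only from `package.json`. This is an added example, not code from the PR or from JSDoc; the lockfile contents are constructed, and `example-template`, `some-plugin` and all version numbers are hypothetical.

```javascript
// Constructed sample lockfiles in npm's lockfileVersion 3 shape: a "packages"
// map keyed by install path. Versions and "some-plugin" are made up.
const lockBefore = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-template', dependencies: { taffydb: '^2.7.3' } },
    'node_modules/taffydb': { version: '2.7.3' },
    'node_modules/some-plugin': { version: '1.0.0', dependencies: { taffydb: '2.6.2' } },
    'node_modules/some-plugin/node_modules/taffydb': { version: '2.6.2' },
  },
};
const lockAfter = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-template', dependencies: { '@jsdoc/salty': '0.0.0-example' } },
    'node_modules/@jsdoc/salty': { version: '0.0.0-example', license: 'Apache-2.0' },
  },
};

const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; the root entry "" -> null.
function nameFromPath(installPath) {
  const marker = 'node_modules/';
  const i = installPath.lastIndexOf(marker);
  return i === -1 ? null : installPath.slice(i + marker.length);
}

// Report every installed copy of `target` and every package that still declares it.
function auditLockfile(lock, target) {
  if (!lock || typeof lock.packages !== 'object' || lock.packages === null) {
    throw new Error('no "packages" map: lockfileVersion 2 or 3 is required');
  }
  const installs = [];
  const declaredBy = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (nameFromPath(path) === target) {
      installs.push({ path, version: entry.version, license: entry.license ?? null });
    }
    for (const field of DEP_FIELDS) {
      if (entry[field] && Object.prototype.hasOwnProperty.call(entry[field], target)) {
        declaredBy.push({ from: path || '<root>', field, range: entry[field][target] });
      }
    }
  }
  return { installs, declaredBy, clean: installs.length === 0 && declaredBy.length === 0 };
}

console.log(JSON.stringify(auditLockfile(lockBefore, 'taffydb'), null, 2));
console.log('after swap, clean:', auditLockfile(lockAfter, 'taffydb').clean);
```

On a real project, pass the parsed contents of `package-lock.json` in place of the sample objects; a `declaredBy` entry other than `<root>` means another dependency still pulls the package in.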