[4.2] npm update #38105
Vue should be updated as well as it is only a patch shift.

@laoneo thanks - vue was locked to a specific patch release. It's not any more

Then I'm wondering why it got locked. It was done in #36295. @dgrammatiko any reason you locked vue to a specific release?

Yes, the reason is security and assuring that the person in charge of releases will NOT accidentally distribute a version that was not tested/peer reviewed/etc. FWIW for years I kept asking for an automated solution for both npm+composer but was gloriously ignored. Anyways, both package.json and composer.json SHOULD point to specific versions for the dependencies (Joomla is not a weekend project, so maintainers should treat it respectively). An implementation of renovate bot in this repo will apply this before it starts doing any PRs for updating any of the dependencies (you can check it in one of my many repos where I use it for quite some time, eg: package.json, renovate.json).

The lock file does the job of pointing to a specific version. There is no need to do that in the config file as well, except when there is a bug/incompatibility/whatever in the library and we have to stick to a specific version.

@laoneo sure but everybody is using a specific version in their package.json, eg: https://github.com/WordPress/wordpress-develop/blob/40c4f11a81ee28b1ec1869c9842064ac0bf137c2/package.json#L78-L156

If everybody was doing that then there would be zero point in the ^ or ~ functionality existing.

Closed. I'm not wasting my time resolving conflicts

Summary of Changes
CodeMirror updated to 5.65.6
and various dev dependencies
All scripts that are not dev dependencies have already been updated or are semver compatible
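
The conversation above turns on whether a dependency's version is fixed by an exact specifier in package.json or by the lock file. The following added example (not code from this PR or the Joomla repository) reports, for each declared dependency, how it is specified and what the lock file pins; the manifest, lock data, package names prefixed `example-` and all function names are constructed for illustration, and the lock layout assumes `lockfileVersion` 2 or 3.

```javascript
// Constructed sample data (not Joomla's real package.json or package-lock.json).
const sampleManifest = {
  dependencies: { vue: "3.2.37", codemirror: "^5.65.6", "example-lib": "~1.4.0" },
  devDependencies: {
    "example-tool": ">=2.0.0 <3.0.0",
    "example-tag": "latest",
    "example-git": "github:example/repo#main",
  },
};
const sampleLock = { // assumption: lockfileVersion 2/3 "packages" map
  lockfileVersion: 2,
  packages: {
    "node_modules/vue": { version: "3.2.37" },
    "node_modules/codemirror": { version: "5.65.6" },
    "node_modules/example-lib": { version: "1.4.2" },
  },
};

// A full semver version (optional prerelease/build) with no range operator.
const EXACT = /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const NON_REGISTRY = /^(git(\+\w+)?:|github:|https?:|file:)|^[\w.-]+\/[\w.-]+(#.+)?$/;

function classifySpecifier(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return "exact";
  if (NON_REGISTRY.test(s)) return "non-registry"; // git/URL/path: no semver at all
  if (/^[a-z][a-z0-9-]*$/i.test(s) && !/^x$/i.test(s)) return "tag"; // e.g. "latest"
  return "range"; // ^, ~, comparators, x-ranges, "*", "" and partial versions
}

// One finding per declared dependency: how it is declared and what the lock file pins.
function auditManifest(manifest, lock) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const entry = ((lock && lock.packages) || {})["node_modules/" + name];
      findings.push({ section, name, spec, kind: classifySpecifier(spec),
        locked: entry ? entry.version : null });
    }
  }
  return findings;
}

// Dependencies whose installed version is fixed by neither manifest nor lock file.
function unpinned(findings) {
  return findings.filter((f) => f.kind !== "exact" && f.locked === null);
}

console.log(auditManifest(sampleManifest, sampleLock));
```

The lock file only fixes versions for installs that honour it, such as `npm ci`; `npm update` moves ranged entries to the newest release that satisfies the range and rewrites the lock file.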