xml-crypto-1.5.1 is heavy on dependancies

[kushbhandari]

Not sure if its intentional but I see many dependancies are added as part of version - 1.5.1 - is that expected? I see @babel/* packages added plus 100s more.

[LoneRifle]

The only change I have done for 1.5.1 is the change of ejs version:
3d14db0

If you're referring to npm-shrinkwrap, that's there to lock down the dependencies, so that we don't pick up later versions of ejs that would not work on node 0.10.x

Which version are you upgrading from?

[dangh]

@LoneRifle shouldn't we exclude dev dependencies from shrinkwrap?

npm-shrinkwrap will ignore --production flag and pull in the whole dev dependencies. typescript is solely 50MB.

[kushbhandari]

@LoneRifle - upgrading from 1.4.1 to 1.5.1

[LoneRifle]

@LoneRifle shouldn't we exclude dev dependencies from shrinkwrap?

npm-shrinkwrap will ignore --production flag and pull in the whole dev dependencies. typescript is solely 50MB.

I'll think about how to tackle this - my main concern is that without shrinkwrap, node 0.10.x pulls in a later version of ejs, causing Travis to break

[LoneRifle]

@LoneRifle - upgrading from 1.4.1 to 1.5.1

The only significant change from 1.4 is the adding of callback arguments. If this is something you don't need, you can hold off on upgrading for now.

[LoneRifle]

Thanks for your patience - pick up 1.5.2 and see if that works better for you

[kushbhandari]

thanks @LoneRifle , will check this version.