New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependencies to get rid of security vulnerabilities #1547
Update dependencies to get rid of security vulnerabilities #1547
Conversation
@stefan-guggisberg Mocha 3.0.0 changed the behavior for async tests (mochajs/mocha#2407), you cannot return a https://github.com/stefan-guggisberg/nodegit/blob/bump_node-pre-gyp/test/tests/filter.js#L107 and here: https://github.com/stefan-guggisberg/nodegit/blob/bump_node-pre-gyp/test/tests/note.js#L61 Not sure what is causing the third test failure. |
@trieloff thanks. i've fixed those tests in a6a4aab. now running
the same tests are failing on |
Maybe its redundant @Croydon but is there a reason we can't separate these changes out, to break down the size of that monster a bit? Like would that cause undue conflicts in your branch if we were to merge this then that? |
It's fine with me when this gets merged first. I just noted that because it sounds like duplication of already done work. |
I definitely feel like we should probably target these branches instead of having one mega PR, as well. It's a bit intimidating to look at your PR @Croydon. |
@implausible Yes, I totally agree. I did start my pull request a long time ago and it kept growing as I never got Node 10 to actually work. Please go ahead and merge this. |
Rerunning the test that failed. Looked like a weird failure to occur as everything passed except the deploy docs noop step. |
@implausible thanks! any chance this gets published on npm anytime soon? |
I am hoping to get the node 10 branch wrapped up before we publish the next version, but yes, hopefully soon. |
running
npm install
onv0.22.2
ends with the following console output:updating the following dependencies:
node-gyp -> ^3.8.0
node-pre-gyp -> ^0.11.0
coveralls -> ^3.0.2
mocha -> ^5.2.0
fixes the following vulnerabilities:
hoek
< 4.2.1cryptiles
< 4.1.2sshpk
< 1.13.2growl
< 1.10.0