Skip to content

Dependabot fixes #2335

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Jul 28, 2023
Merged

Dependabot fixes #2335

merged 11 commits into from
Jul 28, 2023

Conversation

GnaneshKunal
Copy link
Contributor

Fixes

  • minimist
  • class-validator
  • socket.io-parser
  • http-cache-semantics
  • minimatch
  • axios
  • word-wrap
  • engine.io
  • nanoid

This was referenced Jul 13, 2023
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
ArtemHoruzhenko
ArtemHoruzhenko requested changes Jul 19, 2023
View reviewed changes
package.json Outdated
"**/node-sass": "^8.0.0",
"**/trim": "0.0.3"
"**/trim": "0.0.3",
"word-wrap": "npm:@aashutoshrathi/word-wrap",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why can't we use 1.2.4 official version?
Also I think we must have some agreement about forks. From my point of view we should use only official libs and in some corner cases we might use OWN forks if it is very critical to fix something.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UPD: let's use official lib here and in all other places

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Looks like the official version was just released. Using 1.2.4 from the official library.

@vlad-dargel vlad-dargel added 2.32 and removed 2.30 labels Jul 20, 2023
@vlad-dargel vlad-dargel merged commit 1a9a965 into main Jul 28, 2023
@vlad-dargel vlad-dargel deleted the dependabot-fixes branch July 28, 2023 08:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ArtemHoruzhenko ArtemHoruzhenko ArtemHoruzhenko approved these changes

@egor-zalenski egor-zalenski Awaiting requested review from egor-zalenski

@rsergeenko rsergeenko Awaiting requested review from rsergeenko

Assignees

No one assigned

Labels

2.32

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@GnaneshKunal @ArtemHoruzhenko @vlad-dargel