Closed jhlav closed 4 years ago
@jhlav Those vulnerabilities are in the dev dependencies not the actual NPM package. 😉
Updating the deprecated SFC is a good catch, but might be a moment until I can fully scan this PR. Due to the heavy use of this component I need to be very careful with breaking changes.
Closing this one out as it's safe to ignore the dev dependency vulnerabilities. It's down to 27 with updated libraries.
In the future please break each individual PR up into a single feature. It makes reviewing PRs a lot easier.
Thanks for the work into both of these PRs. Leaving the `onClick` issue opened for discussion. 👍
> In the future please break each individual PR up into a single feature. It makes reviewing PRs a lot easier.
Will do. I haven't made many contributions like this so have some learning to do on how this process works, or how to do it better. I appreciate the feedback. :+1:
> Thanks for the work into both of these PRs. Leaving the `onClick` issue opened for discussion.
You're welcome. Happy to help!
After running `npm install`, it reported 70 security vulnerabilities. 1 is critical, and 66 of them are high. I decided to spend the day working on this as @mdi/js and @mdi/react have been really useful libraries for many projects I work on. I made a separate branch for this since there were breaking changes in the nyc library. I also added a major version bump to 1.3.0 for this same reason. There were several other errors with `npm run testWithCoverage`, so I worked through those and later got it to work with all tests passing. `npm audit` no longer reports any vulnerabilities after the changes in this PR. All tests succeed, too.

Please review PR #38 first. The first three commits in here could be merged from that one first, then this PR would have just the one commit to merge. Perhaps that one could be released as 1.2.2 and this one as 1.3.0, or just release 1.3.0, whatever you think is best, @Templarian.