Closed dependabot[bot] closed 2 years ago
This PR is doing this update, a production code dependency
"react-dev-utils": "^5.0.2",
"react-dev-utils": "^12.0.1",
This update causes version compatibility issues. PR tests are failing on Node incompatibility. To note, Figures' React version is also quite out of date, running v16.5: https://github.com/appsembler/figures/blob/main/frontend/package.json#L50, two versions behind the current React v18.2.
Created an issue to track this - https://github.com/appsembler/figures/issues/468
error react-dev-utils@12.0.1: The engine "node" is incompatible with this module. Expected version ">=14". Got "12.22.12"
Something to understand clearly is how dependent Figures needs to be on front end package versions running off the edx-platform release.
@OmarIthawi wrote:
> Seems like a big/breaking change. I don't think we should merge it.
Yep. My comment above elaborates on this problem and I created a GH issue to track it.
OK, I won't notify you again about this release, but will get in touch when a new version is available.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Rejecting PR
Bumps shell-quote and react-dev-utils. These dependencies needed to be updated together.

Updates `shell-quote` from 1.6.1 to 1.7.3

Release notes
Sourced from shell-quote's releases.

Changelog
Sourced from shell-quote's changelog.

Commits
- `6a8a899` 1.7.3
- `5799416` fix for security issue with windows drive letter regex
- `c7de931` Add security.md
- `414853f` Update readme.markdown (#43)
- `0fc4a97` use Github Actions (#42)
- `89a1993` 1.7.2
- `df7e4c7` add test for #37
- `144e1c2` revert windows path unescaping, fixes #37
- `c24f3aa` ci: nvs does not have iojs
- `c2950fb` 1.7.1

Updates `react-dev-utils` from 5.0.3 to 12.0.1

Changelog
Sourced from react-dev-utils's changelog.
... (truncated)

Commits
- `19fa58d` Publish
- `a422bf2` Ensure posix compliant joins for urls in middleware (#11640)
- `221e511` Publish
- `3afbbc0` Update all dependencies (#11624)
- `3880ba6` Remove dependency pinning (#11474)
- `5cedfe4` Bump browserslist from 4.14.2 to 4.16.5 (#11476)
- `63bba07` Upgrade jest and related packages from 26.6.0 to 27.1.0 (#11338)
- `960b21e` Bump immer from 8.0.4 to 9.0.6 (#11364)
- `f0a837c` Webpack 5 (#11201)
- `369fccf` fix: fast refresh stops on needed bail outs (#11105)

Maintainer changes
This version was pushed to npm by iansu, a new releaser for react-dev-utils since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/appsembler/figures/network/alerts).