search

auth0 / node-xml-encryption

W3C XML Encryption implementation for node.js (http://www.w3.org/TR/xmlenc-core/)
MIT License
37 stars 57 forks source link

release 2.0.0 #95

Closed esarafianou closed 2 years ago

esarafianou commented 2 years ago

Description

  1. Prepares for release 2.0.0, which drops support for Node 8.
  2. Also updates package lock file to version 2 which is backwards compatible to version 1
gkwang commented 2 years ago

nit: Also do we still want to keep the package-lock file since this is a library and considering it was removed in the previous PR?

esarafianou commented 2 years ago

@gkwang was the package-lock file ever removed? Based on it's history here: https://github.com/auth0/node-xml-encryption/commits/master/package-lock.json, it's been around since Jan 2020.

forty commented 2 years ago

My 2 cents since I'm around ;) having or not a package lock is a recurring debate in npm modules.

It can still make sense to lock the dependencies of libraries, if only for the dev ones, as it makes CI build more reproducible (ie the build won't start failing when there is no change in the repository).

The lock will have no impact on the users of the library as it's not included in the package, and they should do their own locking