search

flash-oss / medici

Double-entry accounting system for nodejs + mongoose
MIT License
307 stars 83 forks source link

new release #90

Closed Uzlopak closed 2 years ago

Uzlopak commented 2 years ago

@koresar

@adam2k and I worked on medici and we modified it accordingly to fix the sec. vuln. of mongoose.

Can you please make a release?

adam2k commented 2 years ago

Thanks for all the help @Uzlopak!

koresar commented 2 years ago

Hello guys. Thanks for the great work!

I have few concerns.

  1. I've just noticed that the project is lacking a lock file. I am maintaining npm modules for more than 5 years and built a number of best practices over the years. One of them - having lock file is good for you. It doesn't stop me from publishing the new version though. :) But seems like it's time for a blog post: "Best practices for low-effort long-term Node.js project maintenance".
  2. I deliberately removed the Dependabot because see item 1. :) Dependabot is a waste of time except when it notifies about vulnerabilities in my dependencies (not transitional). I will remove the Dependabot if it would be spamming me monthly. FYI.

Let me try publishing the PATCH version.

koresar commented 2 years ago

Published as v5.2.2