Closed tracker1 closed 4 years ago
The plan is to require 2FA on gulp-community so automated releases won't work, unfortunately.
The plan is to require 2FA on gulp-community so automated releases won't work, unfortunately.
@tracker1
Not seeing this actually in the npm package - @tracker1 is this something that can be picked up?
@zdfowler what exactly are you looking for? I just got the update workflow working for gulp-pug and will be applying it to the other gulp-community packages when I have time.
Expecting to see the changes in package.json that were part of this PR to be in master.
For example, "lodash.template": "^4.5.0", is listed in showing in a8da84 but not seeing it in master, nor the package published to npm.
@tracker1 ^^ and it should also address #16
That CVE doesn't matter unless you are somehow passing un-sanitized user input to your gulp tasks (and that would be actually insane).
@contra @phated - you'll need to add an
npm_token
secret on this project for publish, I've added you both on npm for this package. You will also need to add this project to coveralls.io (free for open-source projects) in order for the coverage badge to work.Checkout/clone the latest master after merge then run one of the following:
npm run publish-major
npm run publish-minor
npm run publish-patch