Closed eriktrom closed 2 years ago
a rabbit went down this hole once, i have not seen him since. anyone want to give this a shot?
Update travis to run using npm 5.x and 6.x (thus update node)
This task is at least done. My suggestion for tackling how #101 turned out would be to see if it'd be possible to configure dependabot.yml to get what you want, where you would enable the security updates, but then configure the yml to something like:
# disable auto-created dependabot PRs, but allow security PRs
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
open-pull-requests-limit: 0
versioning-strategy: increase
where it should now bump both package.json
and package-lock.json
as necessary. I'm not totally certain no this, and it is kinda hard to test unfortunately 😬
@MasterOdin - thanks for that info - i'll look at this next weekend - appreciate the input here
Update ci to test new versions of npm (to verify/prevent?.peer dep, patch level drifting?) found in (some) consumers
Found via #101
quick ref: travis build where this occured: https://travis-ci.org/github/http-party/node-portfinder/builds/673407993 issue where it is discussed at length: #101 (very likely unrelated, but leaving for future self in case): issue + pr where this is manually fixed, many months later, by human intervention: issue #108, fix #109,
Master, on my computer, modified in April, not as a consumer, was correct:
&&