Open iamacup opened 11 months ago
@iamacup I think in general it would be nice not to have another fork of a fork that only a handful of people use. Though we would need to see what we already did in the other repository and if everything is feature-compatible (not sure any more if we simplified a few things at the cost of features we didn't use 🤔)
@willmac do you mind taking a look to see what might have happened and we can discuss next steps on this pull requests once you have investigated?
@iamacup great you're back. I think it's a great idea - as @miallo says, a fork of a fork is waisted effort if both are seeing updates.
Most features we so far did was for bugfixing / typing, better accessibility for e.g. screen readers and a start to make it work with themed components like offered by react-native-elements. I don't think we dropped any documented features. (But as always, some consider it a bug, for others it's a feature).
So a merge should be doable without too much effort.
Do we have a plan to merge all of these changes in and consolidate the forks? The current version of this repo has an advisory against it (https://github.com/advisories/GHSA-6vfc-qv3f-vr6c) that folks are going to pull in.
Do we have a plan to merge all of these changes in and consolidate the forks? The current version of this repo has an advisory against it (GHSA-6vfc-qv3f-vr6c) that folks are going to pull in.
Just upgrade and problem solved, or am I missing something?
@orangecms We could upgrade and patch it to override manually, but it's a major and that would not satisfy semver directly in a lockfile patch...it's always better for the package that pulls in the dependency to upgrade past it so that all clients get the patch "for free" without having to patch it for all consumers.
Huh, it's a direct dependency and the upgrade is to a version that had been around for a year, or am I misreading it?
We also need to adjust the git action. @lernerb can you create a npm access key and save it as secret for the repo? That way we can publish by npm automatically be creating a new release
That would be @iamacup ^ - I'm just hopping in here to keep things moving..
Is there any plan to merge this in or any decision on if this repo is going away in favor of @RonRadtke 's as it's properly maintained? A few people are waiting on the security update of markdown-it that's 2/3 major's ahead.
@iamacup Are you planning on maintaining this library or should we go forward with deprecating this one and once again go to a new fork for all users for security updates?
@iamacup please answer here. Otherwise we should switch to my repo and get a note posted here. But without your help we so far still can't publish on NPM so it's kinda useless to maintain... Need at least some sign of life of yours
@iamacup Hello?
Hi have the feeling that's kinda pointless here :(
@RonRadtke @orangecms @miallo
Sorry, I had muted all of the github stuff and had no idea how many downloads this repo was getting.
I reached out to @willmac who had an open pull request before I went and blitzed all the issues away and found yours with the new repo, who is now a contributor on here and can have all the access so it does not get stagnant again. He also has my email so can pester me elsewhere.
I don't know what your plans are or what you would like to do? I am OK adding you as contributors here for sure!