search

ionic-team / trapeze

The mobile project configuration toolbox. Manage native iOS, Android, Ionic/Capacitor, React Native, and Flutter apps through a simple YAML format.
https://trapeze.dev
Other
328 stars 40 forks source link

fix: remove unused dependency npm-watch #224

Closed dtarnawsky closed 1 week ago

dtarnawsky commented 2 months ago

npm-watch is not used by the project (and would be a dev dependency if it were), so this PR removes it to address vulunerabilties down the line to @capacitor/assets (https://github.com/ionic-team/capacitor-assets/issues/590)

vercel[bot] commented 2 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
trapeze ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 26, 2024 7:52pm
dtarnawsky commented 2 months ago

Hey @kensodemann , I've updated the package-lock.json after a rebase with the hope that the open source gods will merge this PR to resolve downstream security vulnerabilities.

kensodemann commented 2 months ago

Hey @kensodemann , I've updated the package-lock.json after a rebase with the hope that the open source gods will merge this PR to resolve downstream security vulnerabilities.

So are you saying that the package-lock.json file is part of an existing change on main then that I cannot see here?

dtarnawsky commented 2 months ago

Hey @kensodemann , I've updated the package-lock.json after a rebase with the hope that the open source gods will merge this PR to resolve downstream security vulnerabilities.

So are you saying that the package-lock.json file is part of an existing change on main then that I cannot see here?

Weird, the commit showed up a lot longer than the comment. The update to package-lock.json is showing now

markemer commented 1 month ago

Cool, we can publish to trapezedev now - so whenever you're ready we can merge and publish. Do these tests always fail on CI?