istanbuljs / nyc

the Istanbul command line interface
https://istanbul.js.org/
ISC License

[Security] [Dependency] Bumped istanbul-lib-instrument to 6.0.2 #1548

Closed BboyAkers closed 2 months ago

BboyAkers commented 4 months ago

What is in this PR?

Why?

This lovely library uses istanbul-lib-instrument and that package has an earlier version of babel which has this security vulnerability. https://security.snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462

Updating this package after merging the above PR will solve this dependency chain vulnerability with minimal impact to end users.

Let me know if you all have any questions or if there's anything I can do to improve this PR 🙂. I'd be more than happy to!!
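Added example, not code from the PR or from nyc itself: a small Node script that walks an npm lockfile's `packages` map (lockfile v2/v3 format), lists every resolved copy of a package together with the dependency chain that pulls it in, and flags copies older than a given fixed version, which is how a reviewer can confirm that a bump like this one actually removed the old transitive `@babel/traverse` rather than leaving a nested copy behind. The lockfile fragment, the package name `other-tool` and every version except istanbul-lib-instrument 6.0.2 are constructed placeholders; the real fixed version must be taken from the linked advisory.

```javascript
// Constructed lockfile fragment (placeholder versions) mirroring the chain in
// the PR: root -> nyc -> istanbul-lib-instrument -> @babel/traverse, plus a
// second consumer that still holds an older nested copy of both packages.
const LOCK = {
  packages: {
    "": { dependencies: { nyc: "*", "other-tool": "*" } },
    "node_modules/nyc": { version: "0.0.0", dependencies: { "istanbul-lib-instrument": "^6.0.2" } },
    "node_modules/istanbul-lib-instrument": { version: "6.0.2", dependencies: { "@babel/traverse": "*" } },
    "node_modules/@babel/traverse": { version: "9.0.0" }, // placeholder for the fixed release
    "node_modules/other-tool": { version: "1.0.0", dependencies: { "istanbul-lib-instrument": "^5.0.0" } },
    "node_modules/other-tool/node_modules/istanbul-lib-instrument": { version: "5.0.0", dependencies: { "@babel/traverse": "*" } },
    "node_modules/other-tool/node_modules/@babel/traverse": { version: "8.0.0" }, // placeholder for an old release
  },
};

// Compare the numeric major.minor.patch part of two version strings.
function parseVersion(v) { return v.split(/[.+-]/).slice(0, 3).map(Number); }
function versionLt(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
}

// npm resolution: look for name under fromPath's node_modules, then walk up
// towards the root until a matching entry is found.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Depth-first walk from the root; report every edge that lands on target.
function findInstances(lock, target, fixedVersion) {
  const packages = lock.packages, results = [], seen = new Set();
  const walk = (path, chain) => {
    if (seen.has(path)) return;
    seen.add(path);
    const entry = packages[path];
    for (const dep of Object.keys({ ...entry.dependencies, ...entry.devDependencies })) {
      const resolved = resolve(packages, path, dep);
      if (!resolved) continue; // optional/peer dep not installed
      const nextChain = chain.concat(dep);
      if (dep === target) {
        const version = packages[resolved].version;
        results.push({ path: resolved, version, chain: nextChain.join(" > "), vulnerable: versionLt(version, fixedVersion) });
      }
      walk(resolved, nextChain);
    }
  };
  walk("", []);
  return results;
}

console.table(findInstances(LOCK, "@babel/traverse", "9.0.0"));
```

Run it against a real project by replacing `LOCK` with `JSON.parse(fs.readFileSync("package-lock.json"))` and passing the fixed version from the advisory; any row with `vulnerable: true` names the consumer still holding the old copy.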

bcoe commented 4 months ago

@BboyAkers anything jump out to you with regards to the AppVeyor failure?

BboyAkers commented 4 months ago

Getting this 🤔 @bcoe

[Screenshot 2024-02-22 at 9:28:16 AM]

BboyAkers commented 4 months ago

Should I upgrade node versions?

bcoe commented 4 months ago

Should I upgrade node versions?

I'd suggest that we upgrade the Node version and switch to a GitHub action configuration similar to c8 (rather than using AppVeyor).

But, if we're updating the minimum Node.js version, we should make it a breaking change.

BboyAkers commented 4 months ago

Should I upgrade node versions?

I'd suggest that we upgrade the Node version and switch to a GitHub action configuration similar to c8 (rather than using AppVeyor).

But, if we're updating the minimum Node.js version, we should make it a breaking change.

Gotcha and agreed! I can take a stab at upgrading the node version today and create a new PR 🙂.

bcoe commented 4 months ago

Gotcha and agreed! I can take a stab at upgrading the node version today and create a new PR

@BboyAkers sounds good, looking forward to the PR.

Feel free to keep PMing me if I miss any updates.

BboyAkers commented 4 months ago

@bcoe Been hitting a wall upgrading node https://github.com/istanbuljs/nyc/pull/1550