Closed BboyAkers closed 2 months ago
@BboyAkers anything jump out to you with regards to the AppVeyor failure?
Getting this 🤔 @bcoe
Should I upgrade node versions?
Should I upgrade node versions?
I'd suggest that we upgrade the Node version and switch to a GitHub action configuration similar to c8 (rather than using AppVeyor).
But, if we're updating the minimum Node.js version, we should make it a breaking change.
Should I upgrade node versions?
I'd suggest that we upgrade the Node version and switch to a GitHub action configuration similar to c8 (rather than using AppVeyor).
But, if we're updating the minimum Node.js version, we should make it a breaking change.
Gotcha and agreed! I can take a stab at upgrading the node version today and create a new PR 🙂.
Gotcha and agreed! I can take a stab at upgrading the node version today and create a new PR
@BboyAkers sounds good, looking forward to the PR.
Feel free to keep PMing me if I miss any updates.
@bcoe Been hitting a wall upgrading node https://github.com/istanbuljs/nyc/pull/1550
What is in this PR?
istanbul-lib-instrument
package to the possible version6.0.2
Why?
This lovely library uses
istanbul-lib-instrument
and that packages has an earlier version of babel which has this security vulnerability. https://security.snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462Updating this package after merging the above PR will solve this dependency chain vulnerability with minimal impact to end users.
Let me know if you all have any questions or if there's anything I can do to improve this PR 🙂. I'd be more than happy to!!