Closed yumetodo closed 3 years ago
Hey @yumetodo, Do you reckon this need a major version bump given that it isn't backwards compatible? Just to be on the safe side. There might be other packages that depend on flat-cache running deprecated versions of node that would break.
Yes.
I just now noticed that write
request node>=10
.
https://github.com/jonschlinkert/write/commit/e996f212fc94bc6ae4f338af91aa5972d4c0fea6
This is breaking change.
So, Major version bump is required to follow Semantic Versioning 2.0 spec.
Hey @royriojas, a gentle reminder of this PR, do you think this could be reviewed? Still needs a major bump, just putting it in your radar.
BTW, you should stop using istanbul
. it is no longer maintained. optimist
is deprecated and not maintained.
https://github.com/substack/node-optimist/issues/152
$npm ls minimist
flat-cache@2.0.1 C:\msys64\home\yumetodo\flat-cache
+-- eslint@6.8.0
| `-- mkdirp@0.5.4
| `-- minimist@1.2.5
+-- istanbul@0.4.5
| `-- handlebars@4.7.3
| `-- optimist@0.6.1
| `-- minimist@0.0.10
`-- mocha@7.1.1
`-- mkdirp@0.5.3
`-- minimist@1.2.5
edit: I noticed that handlebars 4.x develop is still continued. watch https://github.com/wycats/handlebars.js/pull/1666
reduced vulnerability report to only 1!
$npm audit
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Prototype Pollution
Package minimist
Patched in >=0.2.1 <1.0.0 || >=1.2.3
Dependency of istanbul [dev]
Path istanbul > handlebars > optimist > minimist
More info https://npmjs.com/advisories/1179
found 1 low severity vulnerability in 818 scanned packages
1 vulnerability requires manual review. See the full report for details.
This seems really nice! Thanks for your work 👍 Small detail but since we are talking about breaking changes and major version for next release, maybe you could change the engines in the "package.json". See: https://docs.npmjs.com/files/package.json#engines
I suggest to change this for:
"engines": {
"node": ">=10"
}
What do you think @yumetodo ?
Let's hope @royriojas will have the occasion to check and merge this PR and do a new release 😊
hey @SuperITMan
Sorry I didn't had time these days to review this changes. I will review later today
About write
update:
In this project, write.sync
is an only use case and it was not changed by write
's major update.
Hey @royriojas
Would you have a moment to have a look on this PR and maybe merge it + release a new version of flat-cache
and flat-entry-cache
? :crossed_fingers:
Thanks for your time :blush:
update too many dependencies
eslinter
is outdated. Currently,eslint
has an option to cache. so we useeslint
directly.eslint-plugin-mocha
esbeautifier
is outdated. Prettier is a famous tool to format. Apply Prettier.npm audit fix
(1 vulnerability required manual review and could not be updated)in developwrite
to2.0.0
to avoidminimist
's vulnerability (See #47 and changelog for detail)