Open jonorthwash opened 2 years ago
Is merging all the package version bumps safe, @keggsmurph21? (See open PRs)
I worry that some things have changed major version number, e.g. ejs from version 2 to version 3.
We'd probably need to look closely at the major version bumps, but any others should be safe. And I guess when I say "look closely" I just mean (1) make the change locally, (2) check if broken, (3) otherwise merge it in. Up to you how you want to ensure (2) :grin:
I also worry that we have a lot of dependencies. Are all of these necessary?
Haha, probably not all of them. It is worth noting that most of our dependencies are actually "dev dependencies", which means the end user never needs to use them (or even know about them).
I see things like `tar` and `ini` which seem unrelated to what Annotatrix does.
Yeah, these are both dev dependencies. You can see why they're in the package-lock.json if you run these commands:

```
$ npm ls tar
ud-annotatrix@1.0.0 /home/kevinmurphy/src/jonorthwash/ud-annotatrix
└─┬ sqlite3@4.0.8
  └─┬ node-pre-gyp@0.11.0
    └── tar@4.4.8
$ npm ls ini
ud-annotatrix@1.0.0 /path/to/ud-annotatrix
├─┬ gulp@4.0.2
│ └─┬ gulp-cli@2.2.0
│   └─┬ liftoff@3.1.0
│     └─┬ findup-sync@3.0.0
│       └─┬ resolve-dir@1.0.1
│         └─┬ global-modules@1.0.0
│           └─┬ global-prefix@1.0.2
│             └── ini@1.3.5 deduped
├─┬ nodemon@1.19.1
│ └─┬ update-notifier@2.5.0
│   └─┬ is-installed-globally@0.1.0
│     └─┬ global-dirs@0.1.1
│       └── ini@1.3.5 deduped
├─┬ notatrix@2.3.2 -> ./notatrix
│ └─┬ gulp@4.0.2
│   └─┬ gulp-cli@2.3.0
│     └─┬ liftoff@3.1.0
│       └─┬ findup-sync@3.0.0
│         └─┬ resolve-dir@1.0.1
│           └─┬ global-modules@1.0.0
│             └─┬ global-prefix@1.0.2
│               └── ini@1.3.8
└─┬ sqlite3@4.0.8
  └─┬ node-pre-gyp@0.11.0
    └─┬ rc@1.2.8
      └── ini@1.3.5
```
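
As an added example (not code from this thread or from the ud-annotatrix project), the question the `npm ls` output answers can be scripted: which direct dependency pulls a package in, and whether it is reachable only through `devDependencies`. It assumes a flat lockfileVersion 1 layout with no nested `dependencies`; the sample lockfile, its semver ranges and the prod/dev split are constructed for illustration.

```javascript
// Added example. Constructed sample data in lockfileVersion 1 shape.
// Names and versions mirror the npm ls output above; the semver ranges and the
// prod/dev split in `pkg` are assumptions made for illustration.
const pkg = {
  dependencies: { sqlite3: "^4.0.8" },
  devDependencies: { nodemon: "^1.19.1" },
};
const lock = {
  dependencies: {
    sqlite3: { version: "4.0.8", requires: { "node-pre-gyp": "^0.11.0" } },
    "node-pre-gyp": { version: "0.11.0", requires: { tar: "^4", rc: "^1.2.7" } },
    tar: { version: "4.4.8" },
    rc: { version: "1.2.8", requires: { ini: "~1.3.0" } },
    ini: { version: "1.3.5" },
    nodemon: { version: "1.19.1", requires: { "update-notifier": "^2.5.0" } },
    "update-notifier": { version: "2.5.0", requires: { "is-installed-globally": "^0.1.0" } },
    "is-installed-globally": { version: "0.1.0", requires: { "global-dirs": "^0.1.0" } },
    "global-dirs": { version: "0.1.1", requires: { ini: "^1.3.4" } },
  },
};

// Return every chain from a direct dependency down to `target`, tagged with the
// kind of root ("prod" or "dev") it hangs from.
function whyInstalled(pkg, lock, target) {
  const chains = [];
  const walk = (name, trail, root) => {
    const entry = lock.dependencies[name];
    if (!entry || trail.some((t) => t.name === name)) return; // unknown or cyclic
    const next = [...trail, { name, version: entry.version }];
    if (name === target) {
      chains.push({ root, path: next.map((t) => `${t.name}@${t.version}`).join(" > ") });
      return;
    }
    for (const child of Object.keys(entry.requires || {})) walk(child, next, root);
  };
  for (const name of Object.keys(pkg.dependencies || {})) walk(name, [], "prod");
  for (const name of Object.keys(pkg.devDependencies || {})) walk(name, [], "dev");
  // devOnly: every chain found starts at a devDependencies root.
  const devOnly = chains.length > 0 && chains.every((c) => c.root === "dev");
  return { chains, devOnly };
}

for (const name of ["tar", "ini", "global-dirs"]) {
  const { chains, devOnly } = whyInstalled(pkg, lock, name);
  console.log(name, devOnly ? "(dev only)" : "(also reachable from dependencies)");
  chains.forEach((c) => console.log(`  [${c.root}] ${c.path}`));
}
```

A package with `devOnly: false` ships to anyone who installs with production dependencies only, so its major-version bumps and advisories deserve the closer look.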