Closed ricardo-passthrough closed 1 year ago
Also thanks for contributing this! A new major version isn't necessarily a blocker if this is the right technical choice, but I want to make sure that if the library is doing a major version bump that all the choices have been considered first. I think that also means reviewing the trade-offs between this and #183.
What about making this a patch level change, while y'all consider dropping yaml support entirely (#183) a major/breaking change?
@jonathan3692bf I am inclined to do nothing for now, since it was my determination over on #192 that this PR is an attempt to fix an issue that does not exist.
You bring up a good point in #192; updating this would be the equivalent of "sanitation theater"...
closing the PR for now, thanks for the discussion!
What:
Updating the pinned version of cosmiconfig
Why:
fix vulnerability report from
npm audit
:How:
Checklist: