kpdecker / jsdiff

A javascript text differencing implementation.
BSD 3-Clause "New" or "Revised" License

Upgrade packages that Dependabot has open PRs about #415

Closed ExplodingCabbage closed 8 months ago

ExplodingCabbage commented 8 months ago

Dependabot wants to upgrade lots of packages - e.g. https://github.com/kpdecker/jsdiff/pull/394

We probably don't care about any of the vulnerabilities Dependabot is grumbling about, since they're all just dev dependencies. Nonetheless, it'd be nice to clear out the PRs, and I think this should do that.

Since the project is using Yarn 1, I don't think there's any properly supported way to upgrade transitive dependencies, so the approach I took was, for each Dependabot PR, to:

  1. Delete any top-level entries for the package from yarn.lock
  2. Run e.g. yarn && yarn test && git commit -am "Upgrade elliptic" to write the latest package.json-compatible version into yarn.lock, run the tests to check this doesn't break anything, and then commit

(I haven't bothered to check that this actually got us versions high enough to placate Dependabot; I'll see what Dependabot decides to do with the PRs after I merge this!)

It might be nice to upgrade ALL of our dev dependencies, but that breaks yarn test right now and so will require at least a bit of thought instead of just mindlessly executing steps like I've done here. So I'll start with this!
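The two-step procedure described above, as an added example that is not part of the PR or of jsdiff's own tooling: a POSIX shell script that removes a package's entry blocks from a Yarn 1 yarn.lock and then runs the yarn / yarn test / git commit chain. The lockfile contents used for the dry run are a constructed sample, not jsdiff's real yarn.lock, and `upgrade_dep` only runs when you call it from a checkout.

```shell
# Added example, not jsdiff's own tooling: automates the two steps from the
# PR description for one package against a Yarn 1 lockfile.
set -eu

# Print the lockfile from stdin with every entry block for package "$1" removed.
# Yarn 1 blocks are separated by blank lines; a block's first line holds one or
# more "name@range" keys, comma separated and sometimes quoted. Comparing the
# exact "name@" prefix means "elliptic" never matches a key like elliptic-foo@.
strip_lock_entries() {
  awk -v pkg="$1" '
    BEGIN { RS = ""; FS = "\n"; ORS = "\n\n" }   # one record per block
    {
      keep = 1
      n = split($1, keys, /, */)
      for (i = 1; i <= n; i++) {
        key = keys[i]
        gsub(/^"|"?:?$/, "", key)               # strip quotes and trailing colon
        if (substr(key, 1, length(pkg) + 1) == pkg "@") keep = 0
      }
      if (keep) print
    }'
}

# For one Dependabot PR: drop the package's lockfile entries, let yarn write the
# newest package.json-compatible version back, run the tests, and commit only if
# they pass (the && chain stops at the first failure).
upgrade_dep() {
  tmp=$(mktemp)
  strip_lock_entries "$1" < yarn.lock > "$tmp" && mv "$tmp" yarn.lock
  yarn && yarn test && git commit -am "Upgrade $1"
}

# Constructed sample lockfile (not jsdiff's real yarn.lock) for a dry run.
SAMPLE_LOCK='# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1

"@babel/code-frame@^7.0.0":
  version "7.10.4"

elliptic@^6.0.0, elliptic@^6.5.2:
  version "6.5.3"
  dependencies:
    bn.js "^4.4.0"

lodash@^4.17.15:
  version "4.17.19"'

# Dry run on the sample: prints the lockfile minus the named package's entries.
demo() { printf '%s\n' "$SAMPLE_LOCK" | strip_lock_entries "$1"; }
```

Run `demo elliptic` to see the sample with both elliptic keys gone and the other blocks intact; in a real checkout, `upgrade_dep elliptic` performs the PR's steps for that one package.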