launchdarkly / node-server-sdk

LaunchDarkly Server-side SDK for Node
Other
79 stars 65 forks source link

prepare 5.14.6 release #244

Closed LaunchDarklyReleaseBot closed 2 years ago

LaunchDarklyReleaseBot commented 2 years ago

[5.14.6] - 2022-03-25

This release contains no changes to SDK functionality. It differs from 5.14.5 only in that the NPM lockfile package-lock.json has been removed from source control (a change that was already made in 6.x, but had not been backported to the 5.x maintenance branch util now).

The lockfile does not affect the dependencies that are loaded when an application uses the SDK, because NPM only pays attention to the lockfile of the root project (the application). Running a security scan on the node-server-sdk project produced false results, since the scanner would look at the dependency versions that were current at the time the lockfile was generated-- not the versions that would now be used if an application installed the SDK.

louis-launchdarkly commented 2 years ago

@eli-darkly Should this PR removes the package-lock.json files? I don't see that in the Files changed section of this PR.