Closed pat270 closed 10 months ago
Fixing the version does provide the benefit of not unknowingly introducing new errors, but it also has it's own drawbacks. We miss out on automatic fixes, sometimes of security issues (granted, this is probably not an issue for a sass processor). How would we make sure to keep the version updated? Do we need to keep it updated? Are there any other instances where we have a fixed the version of something like this? Do we already have a process for consistently doing manual version updates?
I don't have any ideas for making sure Sass gets updated other than periodic reminders. We could use the ~
symbol which will only update future patch versions (1.64.xx). Blindly accepting new versions from the cloud also come with vulnerabilities, packages get compromised (e.g., ua-parser-js).
Maybe to make sure we don't forget to make updates, we could add a github action that creates an issue once a month to test and update to the latest sass version. https://docs.github.com/en/actions/managing-issues-and-pull-requests/scheduling-issue-creation
Locking the version seems right to me, we tend to do that more often these days due to issues of poor version management from 3rd party packages.
@ethib137 periodically checking for updates via github issue is fine, although I've found in the past that we rarely actually follow up, not because we don't want to, but because it just doesn't get prioritized. May be best to create a jira issue to check on it and hopefully that gets prioritized by product regularly.
@pat270 I think you just need to run yarn
from the root of the repo to make sure the lock file is updated properly
Thanks @bryceosterhaus , that makes sense. Let me know if anything else is needed to get this merged.
@ethib137 do you also need a new version released ASAP?
Yes please @bryceosterhaus . We have clients asking for an official solution and having this released will provide that.
Released: https://github.com/liferay/liferay-frontend-projects/releases/tag/liferay-theme-tasks%2Fv11.5.3
I believe the theme generator should automatically pull in this latest version
https://liferay.atlassian.net/browse/LPP-50503
This fixes the Sass version to 1.64.1 to avoid the log function errors introduced in Sass@1.65.1. I think it would be better if we could review Sass minor and patch versions before passing it on to our users.
@ethib137 @dsanz