mgol / check-dependencies

Checks if currently installed npm dependencies are installed in the exact same versions that are specified in package.json
MIT License

update findup-sync and package version #35

Closed FelixFurtmayr closed 5 years ago

mgol commented 5 years ago

Thanks for the PR but is there any pressing need for this update?

FelixFurtmayr commented 5 years ago

I did this for security reasons. So far I have also updated other package versions.

before: image

after: image

However, the test is failing for Node version 4; I guess due to missing ES6 compatibility in the old versions. The last Node version, 4.9.1, was published a year ago. In my eyes those users can stick to the older package version.

I suggest doing a major release if there is no backwards compatibility with Node 4, and noting this in the readme. But of course, you may choose when to upgrade. I thought an update after 2 years would be OK.

mgol commented 5 years ago

@FelixFurtmayr Thanks for the info. Dropping Node 4 at this point made sense for me; according to https://github.com/nodejs/Release, Node.js 6 is losing support in a month as well, so I dropped that, too.

I have a few things I'd like to do before a release so this won't happen right away but I'll try to look into it soon.

Thanks!