Closed cotes2020 closed 4 months ago
Hi,

Your reports mentioned some devDependencies, which should not impact you as these dependencies should not be installed on your project.

Among "dependencies" (not devDependencies):

- glob: There was an issue on Windows (I don't remember which one exactly), but upgrade was not so easy.
- package-name-regex: I need to check, if it has not been upgraded, it might be because of the version of node this package supports.
- magic-string: the version is set to ~0.30.0, so it should be upgraded to the latest automatically on your project.
- mkdirp: the version is set to ~3.0.0, so it should be upgraded to the latest automatically on your project.

> If you don't mind, I can create a PR to help you fix the dependabot configuration.

No thanks, I only need to re-check how to upgrade glob & package-name-regex.
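
How a tilde range such as ~0.30.0 or ~3.0.0 resolves against a registry, as an added example that is not part of the thread or the project's code. The package names and published version lists are constructed, and only plain X.Y.Z versions are handled.

```javascript
// Parse "X.Y.Z" into numbers; pre-release tags are out of scope here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison, so 0.30.10 sorts after 0.30.4.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// ~X.Y.Z means >=X.Y.Z and <X.(Y+1).0: patch releases only.
function satisfiesTilde(range, version) {
  if (!range.startsWith("~")) throw new Error(`not a tilde range: ${range}`);
  const lo = parseVersion(range.slice(1));
  const v = parseVersion(version);
  return v[0] === lo[0] && v[1] === lo[1] && compare(v, lo) >= 0;
}

// Highest published version inside the range, and whether a newer one sits outside it.
function resolve(range, published) {
  const sorted = [...published].sort((a, b) => compare(parseVersion(a), parseVersion(b)));
  const newest = sorted[sorted.length - 1];
  const matching = sorted.filter((v) => satisfiesTilde(range, v));
  const installed = matching.length ? matching[matching.length - 1] : null;
  return { installed, newest, behind: installed !== newest };
}

// Constructed registry contents for two hypothetical packages that use
// the same ranges quoted in the thread.
const published = {
  "example-a": ["0.30.0", "0.30.4", "0.30.10"],
  "example-b": ["3.0.0", "3.0.1", "3.1.0", "4.0.0"],
};
const ranges = { "example-a": "~0.30.0", "example-b": "~3.0.0" };

function report() {
  const out = {};
  for (const [name, range] of Object.entries(ranges)) {
    out[name] = resolve(range, published[name]);
  }
  return out;
}

console.log(report());
```

A tilde range of this form picks up new patch releases only; a newer minor or major release stays outside it until the range in package.json is changed.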
Ok, got it, thanks for the detailed reply :)
Hi there, my project uses the latest rollup-plugin-license (v3.4.0), and when I ran npm install, I got the warning:

It seems that the major version of glob is deprecated, out of curiosity I cloned this repository and checked the deprecation of all the dependencies and the result is as follows:

As you can see, the major versions of 5 of these packages are far behind (in red in the image), so they desperately need to be updated. If you have a specific reason for keeping the older versions, can you share why?

BTW, I noticed that this repository has dependabot installed, but it doesn't seem to be working very well, maybe you should consider improving the dependabot configuration?

Thanks for keeping up this excellent project!

Update:
If you don't mind, I can create a PR to help you fix the dependabot configuration.