Closed zFernand0 closed 2 years ago
Kudos, SonarCloud Quality Gate passed!
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
0.0% Duplication
No more changes planned
Have we determined what best practices should be when a developer updates direct dependencies?
- Use `npm outdated`?
- Manually edit package.json
- Use `npm update`?
- Rerun `npm install`?
- What options might be best for `npm shrinkwrap`?

If we have recommendations, maybe we should place such text into the README files of each repository under the "Building from source" section, or maybe a new section?
I don't think we've made a decision on how to update dependencies within npm-shrinkwrap.
Personally, I do like the top-level summary provided by `npm outdated` even though it may not always work great with prerelease strings (i.e. unexpected `latest` suggestion) and kind of mixes regular dependencies with devDependencies.
However, `npm outdated` seems to only provide the information and we have to make the decision.
The case of `npm update` should work for transitive dependencies based on their restrictions (`~`, `^`, ...).
I do believe that between `npm audit fix` and `npm update` we should be covered in terms of regularly updating the dependencies. These two scripts could be executed right before every Zowe code freeze.
Either way, I think we should update the README files once we decide on cadence and process 😋
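
Added example, not part of the thread or of the project's code: one way to turn `npm outdated` data into a decision list that keeps dependencies and devDependencies apart, separates what `npm update` can reach within the declared range from what needs a package.json edit, and flags installs that are ahead of the `latest` tag. The input shape (`current`, `wanted`, `latest`, `type`) is assumed to match `npm outdated --json --long`; the package names, versions and the `planUpdates` helper are hypothetical.

```javascript
// Constructed sample in the shape assumed for `npm outdated --json --long`
// (package names and versions are invented for illustration).
const sampleOutdated = {
  "left-lib":  { current: "1.2.0", wanted: "1.2.5", latest: "1.2.5", type: "dependencies" },
  "core-sdk":  { current: "6.40.1", wanted: "6.40.3", latest: "7.1.0", type: "dependencies" },
  "next-cli":  { current: "7.0.0-next.3", wanted: "7.0.0-next.3", latest: "6.9.2", type: "dependencies" },
  "test-tool": { current: "26.0.0", wanted: "26.0.0", latest: "27.0.1", type: "devDependencies" },
};

function parseVersion(v) {
  const [core, ...rest] = v.split("+")[0].split("-"); // build metadata is ignored
  const pre = rest.length ? rest.join("-").split(".") : [];
  return { nums: core.split(".").map(Number), pre };
}

// Simplified semver precedence: numeric core first, a release outranks its
// prereleases, then prerelease identifiers are compared left to right.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i] ? -1 : 1;
  if (!x.pre.length || !y.pre.length) return Math.sign(y.pre.length - x.pre.length);
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined || q === undefined) return p === undefined ? -1 : 1;
    if (p === q) continue;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn && qn) return Number(p) < Number(q) ? -1 : 1;
    if (pn !== qn) return pn ? -1 : 1;        // numeric identifiers sort first
    return p < q ? -1 : 1;
  }
  return 0;
}

// Group by dependency type, then by the action each entry needs.
function planUpdates(outdated) {
  const plan = {};
  for (const [name, info] of Object.entries(outdated)) {
    plan[info.type] = plan[info.type] || { update: [], manualEdit: [], prereleaseAhead: [] };
    const group = plan[info.type];
    if (compareVersions(info.current, info.latest) > 0) group.prereleaseAhead.push(name);
    else {
      if (compareVersions(info.wanted, info.current) > 0) group.update.push(name);    // in range
      if (compareVersions(info.latest, info.wanted) > 0) group.manualEdit.push(name); // out of range
    }
  }
  return plan;
}

console.log(JSON.stringify(planUpdates(sampleOutdated), null, 2));
```

An entry can appear under both `update` and `manualEdit` when a patch is available inside the declared range and a newer major exists outside it.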