Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: put latest lodash version explicitly to devDependencies #34

Open
wants to merge 1 commit into
base: development
Choose a base branch
from

Conversation

valdemon
Copy link
Contributor

test: description now doesn't return promise as required by latest jest version.

WORK IN PROGRES - please don't merge yet

... as we'll still get the security alerts because of nodejs/node-gyp#1718.

The node-gyp@3.8.1 release is planned ~10-th of May.

test: `description` now doesn't return promise as required by latest `jest` version
@ghost ghost assigned valdemon Apr 19, 2019
@ghost ghost added the review label Apr 19, 2019
@codecov
Copy link

codecov bot commented Apr 19, 2019

Codecov Report

Merging #34 into development will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           development    #34   +/-   ##
==========================================
  Coverage          100%   100%           
==========================================
  Files               17     17           
  Lines              401    401           
  Branches            75     75           
==========================================
  Hits               401    401

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e40bb67...d14dbdc. Read the comment docs.

@vsetka
Copy link
Contributor

vsetka commented Apr 19, 2019

Just an FYI, you can now create (since February) draft pull requests so PRs that are still in progress don't accidentally get merged. Scroll to the bottom heret: https://help.github.com/en/articles/creating-a-pull-request.

@valdemon
Copy link
Contributor Author

Still on this because of npm/cli#198 and then a dependency chain:
semantic-release > @semantic-release/npm > npm > npm-lifecycle > node-gyp > fstream

@valdemon
Copy link
Contributor Author

The good in bad is that all this mess concerns the devDependencies only, so - there are no security issues in the runtime context.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants