Releases: Financial-Times/n-gage
Don't run npm update in Heroku postbuild task
What's Changed
- Don't run npm update in Heroku postbuild task by @ivomurrell in #287
Full Changelog: v9.0.0...v9.0.1
Contributors
Assets 2
Upgrade to Node 14 + 16 and npm 7 + 8
What's Changed
- Add package-lock.json lockfile by @ivomurrell in #258
- Use
renovate-config-next-betain Platforms Owned repos by @emortong in #265 - Update to npm 7 by @ivomurrell in #263
- Migrate from
circleci/*tocimg/*by @serena97 in #275 - Add
npm-publish-tokenCircleCI context by @serena97 in #282 - Add support for Node 14 and Node 16 by @ivomurrell in #281
Breaking Changes
- Dropped support for Node 12
- Dropped support for npm 6
n-gage is unsupported. FT.com projects should migrate to Tool Kit.
New Contributors
Full Changelog: v8.3.2...v9.0.0
Contributors
Assets 2
Remove secret-squirrel commitmsg
v8.3.2 Merge pull request #257 from Financial-Times/CPP-544-remove-secret-sq…
Force globs to respect Git wildcard characters and eslint-config-next update
Force globs to respect Git wildcard characters, contains a potential breaking change, #256 :
Fixing this bug might mean other developers who are using git clients that set --literal-pathspecs will start getting githook errors where previously they were getting false negatives. Obviously, this is the correct behaviour but it might be disruptive. The GLOB function is only called from linter code so shouldn't have any other effects beyond githook failures.
Dependency update for @financial-times/eslint-config-next to v3 #241
Allow for use of any main branch name
Upgrade yargs ^10.0.3 -> ^16.0.0 to fix Prototype Pollution
v8.1.1 Merge pull request #249 from Financial-Times/upgrade-yargs-to-fix-pro…
Install task uses 'npm ci' command in CI env w/package-lock.json
If in a CI environment and a package-lock.json exists, the npm ci command will be called to freshly install node_modules from package-lock.json.
npm ci is the install command intended for use in CI environments and is faster and safer than npm install (safer because installs will fail if package-lock.json is inconsistent with package.json).
We're Going Back Into Lockdown So Let's Lock Down Our Dependencies Too
hey so previously we'd prevent npm from creating package-lock.json files and delete them on sight for a few reasons:
- they made it more difficult to keep versions of
n-uiin sync between npm and bower and between apps - they made it more difficult to roll out security updates
- they were unstable
none of these reasons are valid anymore!
n-uiis dead, and Page Kit doesn't require version parity everywhere or keeping bower in sync- Renovate handles
package-lock.jsonfiles just fine thx - 2017 was a long time ago
so we can now let npm create those files. this is opt-in: if you have package-lock.json in your repo's .gitignore, which you probably do, n-gage will keep its old behaviour. if not, it'll do a default npm install allowing package-lock.json to be created. since this automatically prunes superfluous dependencies, we don't need to do that ourselves any more.
we'd strongly encourage you to enable package-lock.json: this will potentially drastically speed up your CI builds and allow better caching of dependencies.
v7.0.0: Upgrade to Node v12
Merge pull request #239 from Financial-Times/upgrade-to-node-v12 Upgrade to Node v12
Improves make .env UX
make .env logs you in if you are not logged in and if the VAULT_AUTH_GITHUB_TOKEN is set