Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

upgrade to @surma/rollup-plugin-off-main-thread dependencies from 1.4.1 to 2.2.2 (#2927) #2962

Merged
merged 3 commits into from
Nov 2, 2021

Conversation

fuzail-ahmed
Copy link
Contributor

upgrade to @surma/rollup-plugin-off-main-thread dependencies from 1.4.1 to 2.2.2 (#2927)

Fixes #2927
updated @surma/rollup-plugin-off-main-thread to use the new ejs version 3.1.6

@google-cla
Copy link

google-cla bot commented Oct 18, 2021

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and then comment @googlebot I fixed it.. If the bot doesn't comment, it means it doesn't think anything has changed.

ℹ️ Googlers: Go here for more info.

@fuzail-ahmed
Copy link
Contributor Author

@ViPai82, @jeffposnick Please review

@fuzail-ahmed fuzail-ahmed marked this pull request as draft October 18, 2021 06:52
@fuzail-ahmed fuzail-ahmed marked this pull request as ready for review October 18, 2021 06:55
@jeffposnick
Copy link
Contributor

Thanks for the PR; I was unaware that there was already a version of OMT out that had the updated deps.

However, i think there might be some breaking changes in OMT that make this more of an involved update beyond just changing package.json, as our test suite is now failing:

https://github.com/GoogleChrome/workbox/pull/2962/checks?check_run_id=3928423296#step:7:331

Let me know if you feel comfortable investigating that further; otherwise, I'm happy to take this over.

@jeffposnick
Copy link
Contributor

I'd like to get this merged so that we can include it in our upcoming v6.4.0 release. I'm going to assume you won't mind if I force-push a fix to your branch.

@jeffposnick
Copy link
Contributor

The PR is now failing on Node v10 (which we still support in Workbox v6) because of the use of matchAll() in @surma/rollup-plugin-off-main-thread dependencies.

That module doesn't advertise a minimum required version of Node, and I'm not sure whether this was an intentional breaking change or not. I'll see if @surma is open to swapping out that method for something compatible with Node v10.

@jeffposnick
Copy link
Contributor

@jeffposnick jeffposnick self-requested a review November 2, 2021 14:29
Copy link
Contributor

@jeffposnick jeffposnick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, the dependencies are in good shape now. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

workbox-webpack-plugin has indirect dependency on vulnerable ejs 2.7.4 package - needs update
2 participants