Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update minimum required node.js version to v12 with npm package dependencies #1799

Merged
merged 2 commits into from
Mar 9, 2023
Merged

Update minimum required node.js version to v12 with npm package dependencies #1799

merged 2 commits into from
Mar 9, 2023

Conversation

PeterDaveHello
Copy link
Contributor

Looks like the node.js and npm dependencies didn't get update for a while, node.js v10 is EoL at 2021-04-30, and there could be a lot of security vulnerabilities since the last release, especially for those using pre-built Docker image on Docker Hub.

The idea here, is try to increase the baseline of the node.js and npm packages "a little bit", and ideally will update to node.js v18, because both of node.js v14 & v16 will reach EoL this year, node.js v12 is EoL at 2022-04-30 last year.

As I can't guarantee how much I can contribute, each PR won't be large, so that we can get it reviewed and merged in a more agile way ;)

Currently, npm run test is the assurance of the update not breaking things, please let me know if that's not enough. Thanks.

Reference:

  • Prompt message from npm install before the update:

    found 350 vulnerabilities (13 low, 163 moderate, 138 high, 36 critical)

  • Prompt message from npm install after the update:

    found 123 vulnerabilities (13 low, 42 moderate, 52 high, 16 critical)

@PeterDaveHello
Update minimum required node.js version to v12
3ea10a6 
Signed-off-by: Peter Dave Hello <hsu@peterdavehello.org>
@PeterDaveHello
Copy link
Contributor Author

PeterDaveHello commented Mar 1, 2023
edited
Loading

Looks like there are some thing need to be fixed. (Should also run npm run build)

PeterDaveHello
PeterDaveHello commented Mar 1, 2023
View reviewed changes
package.json Outdated Show resolved Hide resolved
@PeterDaveHello
Update npm package dependencies
500fe78 
Try to simply update the npm packages without any additional changes.

Signed-off-by: Peter Dave Hello <hsu@peterdavehello.org>
@Yukaii Yukaii merged commit 52bfb9b into hackmdio:develop Mar 9, 2023
@PeterDaveHello PeterDaveHello deleted the updateDependenciesBaseline branch March 9, 2023 07:52
@PeterDaveHello PeterDaveHello mentioned this pull request Aug 11, 2023
Merged
@stanley2058 stanley2058 mentioned this pull request Dec 26, 2023
Merged
@Yukaii Yukaii mentioned this pull request Jan 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jackycute jackycute jackycute approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@PeterDaveHello @jackycute @Yukaii