Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update meow to v9 and devDependencies #86

Merged
merged 3 commits into from
Sep 13, 2023

Conversation

dpdiliberto
Copy link
Contributor

Updating dependencies to help resolve #84. Per sindresorhus/meow#204 (comment), I updated meow to v9 rather than to the latest since later versions require ESM.

@dpdiliberto
Copy link
Contributor Author

@tristen it looks like tests using Node 10 are failing, which I believe is due to the update to eslint. Do you think it would make sense to update node_js in https://github.com/mapbox/polyline/blob/master/.travis.yml to more recent versions?

@tristen
Copy link
Member

tristen commented Sep 8, 2023

@dpdiliberto that seems like a sensible change to me 👍. Maybe we can replace 10 and 12 with more recent 16 and 18 versions.

@dpdiliberto
Copy link
Contributor Author

Thanks @tristen , I updated the Node versions, and also upgraded the Travis build environment (per https://travis-ci.community/t/the-command-npm-config-set-spin-false-failed-and-exited-with-1-during/12909/7), since I was running into the following build error:

$ nvm install 18
node: /lib/x86_64-linux-gnu/libm.so.6: version `GLIBC_2.27' not found (required by node)
node: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by node)
node: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by node)
node: /lib/x86_64-linux-gnu/libm.so.6: version `GLIBC_2.27' not found (required by node)
node: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by node)
node: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by node)
The command "npm config set progress false" failed and exited with 1 during .

All checks are passing now 👍 .

@tristen tristen self-requested a review September 13, 2023 19:09
Copy link
Member

@tristen tristen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Changes LGTM:

Screenshot 2023-09-13 at 3 10 22 PM

@dpdiliberto dpdiliberto merged commit 0c8a9cf into master Sep 13, 2023
4 checks passed
@leslieli
Copy link

Thanks @dpdiliberto and @tristen , please help publish a new release to NPM.

@tristen tristen deleted the update_meow_and_devdependencies branch September 14, 2023 13:49
@tristen
Copy link
Member

tristen commented Sep 14, 2023

@leslieli done! https://www.npmjs.com/package/@mapbox/polyline/v/1.2.1

@leslieli
Copy link

Thanks @tristen .

@leslieli
Copy link

leslieli commented Sep 14, 2023

Looks upgrading the meow to v9 doesn't fix the issue #84, it is still referencing the semver@7.3.7, not v7.5.2+

└─┬ @mapbox/polyline@1.2.1
  └─┬ meow@9.0.0
    ├─┬ normalize-package-data@3.0.3
    │ └── semver@7.3.7
    └─┬ read-pkg-up@7.0.1
      └─┬ read-pkg@5.2.0
        └─┬ normalize-package-data@2.5.0
          └── semver@5.7.1

@tristen @dpdiliberto

@tristen
Copy link
Member

tristen commented Sep 18, 2023

👋 @leslieli want to put a pull request together that addresses the issue? I'd be happy to review and cut a new release.

@leslieli
Copy link

@tristen I am not quite familiar with the project and would like to suggest someone in your team could help on this. If possible, could you provide the estimation - when we can expect the fix release? Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Should upgrade the meow to latest version to fix the security issue CVE-2022-25883?
3 participants