-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tools: use dmn@2.2.1 #26462
tools: use dmn@2.2.1 #26462
Conversation
Let's update to 2.2.1 here. |
dmn 2.2.1 cleans more files than earlier versions.
Sure, done. Lite CI: https://ci.nodejs.org/job/node-test-pull-request-lite-pipeline/2787/ ✅ |
@@ -20,7 +20,7 @@ npm install --no-bin-links --production --no-package-lock eslint-plugin-markdown | |||
cd ../.. | |||
|
|||
# Use dmn to remove some unneeded files. | |||
npx dmn@2.1.0 -f clean | |||
npx dmn@2.2.1 -f clean |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe we want switch to dmn@latest
. I guess breaking changes would be rather unlikely on it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not the only person who has publishing rights to dmn
, so I'd rather be very conservative with a tool that can run arbitrary commands on a developer's machine. So I'd prefer to pin to a specific version and accept the annoyance of a little churn at each update.
To be clear: I don't have any reason whatsoever to distrust the original maintainer at all. They've been totally A++ 💯 🥇 😍 ✨ awesome. But there are lots of possibilities here: Their account (or my account!) gets hacked. Or they (or I!) in good faith give publishing rights to someone who is a bad actor without knowing it. And so on.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True, there is a certain remaining risk, even if you're the maintainer. If you don't mind updating this version, keep it that way. 😉
dmn 2.2.1 cleans more files than earlier versions. PR-URL: nodejs#26462 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
PR-URL: nodejs#26462 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
Landed in 82f8821...2546351 |
dmn 2.2.1 cleans more files than earlier versions. PR-URL: nodejs#26462 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
PR-URL: nodejs#26462 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
dmn 2.2.1 cleans more files than earlier versions. PR-URL: #26462 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
PR-URL: #26462 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Yuta Hiroto <hello@hiroppy.me>
First commit:
Second commit:
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes