Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move to yarn.lock + update dependencies #688

Merged
merged 4 commits into from
Dec 18, 2019
Merged

Move to yarn.lock + update dependencies #688

merged 4 commits into from
Dec 18, 2019

Conversation

bpierre
Copy link
Contributor

@bpierre bpierre commented Dec 18, 2019

  • Update dependencies (fix a security alert).
  • Remove WebpackMonitor (unmaintained, little benefit on the gallery).
  • Replace the webpack UglifyJS plugin by the Terser plugin (the UglifyJS plugin is now unmaintained).
  • Move to yarn.lock files.
  • Prettier: formatting change.

@bpierre
Update dependencies (fix security alerts in serialize-javascript)
10869df 
Also:

- Remove WebpackMonitor (unmaintained + little benefit on the gallery)
- Replace the webpack UglifyJS plugin by the Terser plugin (the UglifyJS
  plugin has been deprecated).
@bpierre
package-lock.json => yarn.lock
8b604f3
@bpierre
Prettier fix
33dfda1
@bpierre bpierre requested a review from sohkai December 18, 2019 04:16
sohkai
sohkai approved these changes Dec 18, 2019
View reviewed changes
Copy link
Contributor

@sohkai sohkai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

package.json Outdated Show resolved Hide resolved
sohkai
sohkai reviewed Dec 18, 2019
View reviewed changes
package.json Outdated
"rollup-plugin-visualizer": "^1.1.1",
"rollup-plugin-sizes": "^1.0.1",
"rollup-plugin-uglify": "^6.0.4",
"rollup-plugin-url": "^3.0.1",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like there are also deprecation warnings for rollup-plugin-url and rollup-plugin-node-resolve; should we update those as well?

Copy link
Contributor Author

@bpierre bpierre Dec 18, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh yes I didn’t see that! I thought yarn outdated or yarn upgrade-interactive would show that, but it seems that no command shows the deprecated status of dependencies − apart from running yarn info | grep deprecated on them individually… are you doing this manually, or do you know a secret command? 😄

Edit 😆 :

alias check-deprecated-modules="cat package.json | jq '(.dependencies+.devDependencies) | keys | .[]' | xargs -I {} sh -c 'yarn info --json {} | jq \".data.name,.data.deprecated\"'"

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are you doing this manually, or do you know a secret command?

I just see the warnings during install :).

@bpierre bpierre merged commit a6b1969 into master Dec 18, 2019
@bpierre bpierre deleted the update-deps branch December 18, 2019 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sohkai sohkai sohkai approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bpierre @sohkai