User tests: Successful: Unsuccessful:
CodeMirror updated to 5.65.6
and various dev dependencies
All scripts that are not dev dependencies have already been updated or are semver compatible
Status | New | ⇒ | Pending |
Category | ⇒ | NPM Change Front End Plugins |
Labels |
Added:
NPM Resource Changed
?
|
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-06-20 16:24:04 |
Closed_By | ⇒ | brianteeman |
Status | Closed | ⇒ | New |
Closed_Date | 2022-06-20 16:24:04 | ⇒ | |
Closed_By | brianteeman | ⇒ |
Status | New | ⇒ | Pending |
Vue should be updated as well as it is only a patch shift.
Then I'm wondering why it got locked. It was done in #36295. @dgrammatiko any reason you locked vue to a specific release?
@dgrammatiko any reason you locked vue to a specific release?
Yes, the reason is security and assuring that the person in charge of releases will NOT accidentally distribute a version that was not tested/peer reviewed/etc. FWIW for years I kept asking for an automated solution for both npm+composer but gloriously ignored. Anyways, both package.json and composer.json SHOULD point to specific versions for the dependencies (joomla is not a weekend project, so maintainers should treat it respectively).
An implementation of renovate bot in this repo will apply this before start doing any PRs for updating any of the dependencies (you can check it in one of my many repos where I use it for quite some time, eg: package.josn renovate.josn ).
The lock file does the job of pointing to a specific version. There is no need to do that in the config file as well, except when there is a bug/incompatibility/whatever in the library and we have to stick to a specific version.
@laoneo sure but everybody is using specific version on their package.json, eg: https://github.com/WordPress/wordpress-develop/blob/40c4f11a81ee28b1ec1869c9842064ac0bf137c2/package.json#L78-L156
if everybody was doing that then there would be zero point in the ^ or ~ functionality existing.
closed. i'm not wasting my time resolving conflicts
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-06-23 15:33:30 |
Closed_By | ⇒ | brianteeman |
testing should be quite simple. Apply the pr. then
npm ci
There should be no new files to commit
then run
npm outdated
and the output will be