outdated dependencies #4171
Yea, we can look at updating them :) for the non dev ones, would you be willing to list what all has changed in each one so we can determine if updating it would be a patch version, minor version, or major version for express? For example cookie-signature drops support for Node.js less than 6.6 I believe making it a major version bump for express. Getting the details for each one of those will help plan. We'd want to split into the three version buckets so we can make the relevant releases with each type of change. We need to gather what the differences are anyway for HISTORY.md file. |
Thanks for the fast reply @dougwilson! Sure. I will create new PRs following your advice. As we are looking to support old nodejs version (0.10) I will investigate each of them to see how far I can go with the upgrade and create separate PRs 👍 After that I will open an issue for branch 5.0. There I will use a different strategy as I assume we only need to support v10. Maybe I can wait until branch 5.0 got updated with |
Ah, yes, we will get 4.17 line into the 5.0 branch along with the router updates that will make up the beta.1 release this month. Depending on how these dep updates shake out, we may do a patch 4.17, then merge into 5.0. |
So, time for a new approach:
|
@dougwilson do you think that |
Sorry, just took a look and yea, I don't think any of those can be upgraded; path-to-regexp we know cannot because it changes how you declare the routes in a non-backwards-compatible manner, and array-flatten is exported externally in 4.x, so even though it wouldn't break our internal usage, there is code in the wild using our export. |
So this is the outdated (production) tree of the current version, where I have removed the ones already excluded in conversation above:
|
So from that, I think there is a quick patch version we can release of 4.17 to get some of them updated, namely update (bubble them up from the deps as well) the following:
These are "hidden" deps that even though they look non-patch, depending on the change may surface to our users as a patch, but just needs investigation to confirm:
|
Hi @UlisesGascon just wanted to check in on if you have done any additional research, or should I take over this? |
As you wish ;-) I can submit a PR for What do you want me to do? 🤔 |
Sure!
Well, we need to research on if they would result in a patch, minor, or major of the relevant repo first. Would you want to take on that research task, or wait to hear back on it and do the prs? |
Hello everyone, |
Hi @sarthak0906 the array-flatten is not possible to update in the 4.x line, which this issue is tracking. |
Sorry, no enterprise licence ... They are writing here some lines about false positives. I can take a look in the logs tomorrow (it's too late now ...). So far here are the full results of the 2 scans:
|
Would be super cool if the
|
Is there any plan to bump |
Express 4.18 should be using |
Yea, this was a tracking issue that was a combination of dependencies for 4.x and 5.x. The 5.x ones are just about done and the 4.x ones that were left have all been landed in 4.18, due out in just a bit. I think we're safe to close this issue now. If there are any remaining stragglers, feel free to open issues (or prs) for just them, as it'll be easier to track vs a giant issue. |
👉 SEE