chore: upgrade deps to fix npm audit complaints #288
| sudo: false | ||
| language: node_js | ||
| node_js: | ||
| - "4" |
Please note it won't work with Node 4.x any more. I found out loopback@3.x has node >= 6.
Please note that loopback-boot supports LoopBack 2.x applications too and LB 2.x advertises node >= 4:
{
  "engines": {
    "node": ">=4.0.0"
  }
}
Having said that, I am ok to drop support for Node.js versions that have reached their EOL, we have done this in the past.
It's just important to be clear about our argumentation.
dhmlau left a comment
I think most of our modules have package-lock=false. But if there's a particular reason to set it to true, I'm good with it too.
bajtos left a comment
I am concerned about updating so many dependencies. Remember, loopback-boot@2 is in maintenance mode now, only fixes for critical security vulnerabilities and critical bugs are allowed. I am afraid there may be subtle changes in the behavior that would be introduced by this big upgrade.
Personally, I'd prefer to upgrade only the dependencies with known security vulnerabilities.
97a0636 to bea9a5f
bajtos left a comment
Better 👍
Could you please check and upgrade dependencies in the master branch too?