Skip to content

chore(dependencies): address all minor updates as of 2021/09/17 #219

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 17, 2021
Merged

chore(dependencies): address all minor updates as of 2021/09/17 #219

merged 1 commit into from
Sep 17, 2021

Conversation

texastony
Copy link
Contributor

@texastony texastony commented Sep 17, 2021
edited
Loading

Issue #, if available: Address #168, #166, #164, #161, #160, #159, #128

Description of changes: Address all minor updates for dependencies discovered by dependabot.
package and package-lock.json were generated via:

npm i [email protected] @aws-sdk/util-utf8-browser@3 @aws-sdk/util-hex-encoding@3 [email protected] [email protected];
npm install --dev  @aws-sdk/util-buffer-from@3 --dev dot-prop@6;
npm run clean; rm -rf node_modules; rm package-lock.json; npm install; npm audit fix;

However, the dev command really did not work, so there was some minor editing of the package files to ensure that none of the mentioned dependencies were added to the Prod dependencies in the package.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

josecorella
josecorella reviewed Sep 17, 2021
View reviewed changes
package.json
"@types/chai": "^4.2.12",
"@types/mocha": "^7.0.2",
"@types/node": "^14.0.27",
"@types/sinon": "^9.0.4",
"chai": "^4.2.0",
"dot-prop": "^6.0.1",
Copy link
Contributor

@josecorella josecorella Sep 17, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In #166 it says to bump dot-prop but here makes it seem like we are picking up a new dependency. Is this actually the case or are we bumping it

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not dead certain... the only way I can force the package-lock to resolve to dot-prop 6 is by having this here. Normally I would not add dependencies to the package.json without very good reason. Without this, dot-prop was resolving to something much lower... I think 4.2.1... which is what #166 is targeting, but it was actually lower than what we already have... so I locked it on greater than 6.

josecorella
josecorella approved these changes Sep 17, 2021
View reviewed changes
Copy link
Contributor

@josecorella josecorella left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm 🚀

@texastony texastony merged commit 2cd9345 into aws:master Sep 17, 2021
This was referenced Sep 19, 2021
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@josecorella josecorella josecorella approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@texastony @josecorella