Update dependencies #557
Merged
Update dependencies #557
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
In your commits you mention that we support Node.js 8 and above, given that the data we have suggests lots of 6.x usage is there any reason why we'd not want to support 6.x and above? |
|
The commit messages don't seem to require 8? They seem to drop support for older Node, but all older than 6 |
|
Not blocking, just to record, I get this output when installing with node 6.10.3: |
|
On node 8.9.4 - I think it's identical |
|
I based my commit messages off of the fact that we say we require node 8.x.x in the install docs: https://govuk-prototype-kit.herokuapp.com/docs/install/developer-install-instructions |
joelanman
suggested changes
Jul 19, 2018
basic-auth 2.0.0 drops support for Node.js below 0.8, but we require Node 8.0.It also removes support for passing the context directly to the auth function, but that's ok because we pass the request object. Tested by adding the following to the .env file and ensuring that basic auth still functions: USERNAME=foo PASSWORD=bar NODE_ENV=production USE_HTTPS=false
cross-spawn 6.0 removes support for older node versions, only node >= 4 is supported. This is OK because we already require node >= 8. Tested by making sure that the Prototype Kit still runs without error.
dotenv 6.0 drops support for node v4, but this is fine because we already require node v6. Other breaking changes are: - default path is now path.resolve(process.cwd(), '.env') - does not write over keys already in process.env if the key has a falsy value Neither of these should affect the kit. Tested by adding `FOO=bar` to the `.env` file, and ensuring that it is available within the app by adding a `console.log(process.env.FOO)` and checking for 'bar' in the console output.
Only bugfixes, features and dependency updates.
Tested by running `gulp clean` and checking that the public directory is removed.
There are no release notes or changelog for this module, but looking at sindresorhus/gulp-mocha@v4.0.0...v6.0.0 v6.0 drops support for anything below Node 6. This should be fine, as we require Node 8 or above anyway. Once updated, the tests started 'hanging' – updating the mocha gulp task to use the example from their readme (passing exit: true) solved this.
gulp-sass 4.0 drops support for Node < 4, but this is fine because we require node 8 anyway. Tested by running `gulp clean` to remove the public directory, then running `npm start` and ensuring that the stylesheet is re-generated and the prototype kit app looks correct.
Fixes a number of security vulnerabilities, fixes a load of bugs and adds a number of new features. Some of these are listed as breaking changes, but only because they fix bugs so the output would be different. Tested by going through the documentation (which is written in markdown) and checking that it looks OK.
This package isn't actually require'd or used anywhere in the application – it's pre-installed to make it easier for prototype kit users to get setup with Notify.
This is no longer used as of 6ff3b6b.
Tested by ensuring that gulp tasks are still included from the gulp directory (the only place that require-dir is used is in gulpfile.js, where it includes the tasks from ./gulp.
Tested by ensuring that the gulp tasks in gulp/tasks.js that use run-sequence still run without error.
Tested by ensuring that the release url on the `/docs/install` page is still generated correctly (sync-request is only used by the getLatestRelease in lib/utils, which is used on the /docs/install page to automatically link to the latest release from GitHub)
36degrees
force-pushed
the
update-dependencies
branch
from
d96eed1
to
1c19efe
Compare
|
Done 👍 |
joelanman
approved these changes
Jul 19, 2018
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates all dependencies reported as outdated by running npm outdated:
(readdir has been removed as it was not being used)
Individual commits have details for how each change was tested.
https://trello.com/c/Vaizr1wg/1164-2-update-dependencies-in-prototype-kit