Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependencies #95

Merged
merged 3 commits into from
Sep 3, 2024
Merged

Update dependencies #95

merged 3 commits into from
Sep 3, 2024

Conversation

jayvdb
Copy link
Contributor

@jayvdb jayvdb commented Sep 2, 2024

No description provided.

package.json Outdated Show resolved Hide resolved
package.json Outdated Show resolved Hide resolved
package.json Outdated Show resolved Hide resolved
@@ -9,14 +9,14 @@
"Andrew Monks <a@monks.co>"
],
"dependencies": {
"@blueoak/list": "^9.0.0",
"@npmcli/arborist": "^6.5.0",
"@blueoak/list": "^15.0.0",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

noting this has no minimum supported node version implications https://github.com/blueoakcouncil/blue-oak-list-npm-package

"spdx-expression-parse": "^3.0.1",
"spdx-expression-parse": "^4.0.0",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just noting that https://github.com/jslicense/spdx-expression-parse.js/blob/main/package.json doesnt declare its minimum supported node version

package.json Outdated
Comment on lines 32 to 31
"rimraf": "^3.0.2",
"rimraf": "^4.3.1",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

package.json Outdated
"run-parallel": "^1.2.0",
"spawn-sync": "^2.0.0",
"standard": "^14.3.4",
"standard": "^17.1.0",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"standard": "^17.1.0",
"standard": "^14.3.4",

Leave Standard be. It'll just complain about a bunch of old syntax.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It doesnt complain when I run it locally.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

$ npx standard@17.1.0 
standard: Use JavaScript Standard Style (https://standardjs.com)
standard: Some warnings are present which will be errors in the next version (https://standardjs.com)
standard: Run `standard --fix` to automatically fix some problems.
  /home/kyle/licensee.js/index.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:4:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:5:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:6:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:7:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:8:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:9:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:10:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:11:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:21:9: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:36:5: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:39:9: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:66:9: Expected newline between consequent and alternate of ternary expression. (multiline-ternary)
  /home/kyle/licensee.js/index.js:68:1: Expected indentation of 10 spaces but found 8. (indent)
  /home/kyle/licensee.js/index.js:73:1: Expected indentation of 8 spaces but found 6. (indent)
  /home/kyle/licensee.js/index.js:86:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:92:5: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:94:5: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:114:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:115:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:128:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:143:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:153:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:155:5: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:183:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:200:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:201:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:208:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:210:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:252:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:253:8: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:254:5: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:269:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:270:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:271:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/index.js:273:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/allowed/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/allowed/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/apache-2.0-mit-allowed/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/apache-2.0-mit-allowed/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/blue-oak-fail/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/blue-oak-fail/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/blue-oak-flag/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/blue-oak-flag/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/blue-oak-gold-mit/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/blue-oak-gold-mit/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/blue-oak-misspelled/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/blue-oak-misspelled/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/blue-oak-pass/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/blue-oak-pass/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/ignored-author/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/ignored-author/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/ignored-prefix/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/ignored-prefix/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/ignored-scope/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/ignored-scope/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/licenses-array-with-corrections/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/licenses-array-with-corrections/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/mit-not-allowed/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/mit-not-allowed/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/no-allowlist/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/no-allowlist/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/no-dependencies/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/optimist-with-corrections/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/optimist-with-corrections/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/optimist-with-corrections-in-dotfile/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/optimist-with-corrections-in-dotfile/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/optimist-without-corrections/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/optimist-without-corrections/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/osi-fail/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/osi-fail/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/osi-flag-fail/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/osi-flag-fail/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/osi-flag-pass/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/osi-flag-pass/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/osi-pass/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/osi-pass/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/out-of-allowed-range/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/out-of-allowed-range/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/production-only/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/production-only/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/run.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/run.js:6:30: Expected property shorthand. (object-shorthand) (warning)
  /home/kyle/licensee.js/tests/run.js:7:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/run.js:7:52: Expected property shorthand. (object-shorthand) (warning)
  /home/kyle/licensee.js/tests/symlinked-node-modules/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/symlinked-node-modules/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unit.test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unit.test.js:2:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unit.test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unit.test.js:4:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unit.test.js:5:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unit.test.js:6:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unit.test.js:7:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unit.test.js:12:5: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unit.test.js:36:9: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unit.test.js:64:3: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unlicensed-subdependency/test.js:1:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unlicensed-subdependency/test.js:3:1: Unexpected var, use let or const instead. (no-var) (warning)
  /home/kyle/licensee.js/tests/unlicensed-subdependency/test.js:7:1: Unexpected var, use let or const instead. (no-var) (warning)

package.json Outdated
@@ -43,7 +42,7 @@
"pretest": "npm run lint",
"tests-only": "tap --no-check-coverage tests/unit.test.js tests/**/test.js",
"test": "npm run tests-only",
"posttest": "aud --production"
"posttest": "npx 'npm@>=10.2' audit --production"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"posttest": "npx 'npm@>=10.2' audit --production"
"posttest": "aud --production"

Revert. aud is a dependency and I believe npx itself has now been deprecated in favor of npm exec.

Ain't broke. Let's not waste time fixing.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aud is unmaintained. It is listed as deprecated at https://www.npmjs.com/package/aud . repo has been archived at https://github.com/ljharb/aud

https://osv.dev/vulnerability/GHSA-pfrx-2q88-qq97 exists in the current dep tree because of aud.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feel free to take it up in a separate PR.

The vuln doesn't matter in context here.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not "unmaintained" or vulnerable, however, npm 10.2 obviates aud (my package), because npm audit runs without a lockfile.

It's fine to ask it to be separate from this PR, but this is a good change.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to focus here on something small and releaseable. We're overdue to bump some of the spdx packages I maintain. If we can bump arborist without dropping Node versions, great.

@kemitchell
Copy link
Member

Failed on Node 15, but Node 15 always fails "Error: Cannot find module 'node:events'".

@ljharb
Copy link
Member

ljharb commented Sep 3, 2024

What package is using the prefix? events works fine in every node version.

@kemitchell
Copy link
Member

@kemitchell
Copy link
Member

@ljharb, any objection to my releasing this semver-minor?

@ljharb
Copy link
Member

ljharb commented Sep 3, 2024

ah, looks like it's minipass via @npmcli/arborist, which indeed has engines of >= 16.

so yes, i'd say it's a semver-major, and you can confirm it by running npx ls-engines in CI prior to this change.

@kemitchell
Copy link
Member

This PR is no longer bumping Arborist. Yet we get the failure.

@ljharb, any objection to my merging this #95, adding a commit to bump Arborist to latest 7.x.y, and releasing semver-major?

@ljharb
Copy link
Member

ljharb commented Sep 3, 2024

Sure, but let's proactively bump engines.node to ^18.12 || ^20.9 || >= 22.7, just to reduce the likelihood of another semver major. I'd also recommend adding ls-engines to CI :-)

@kemitchell kemitchell merged commit 3fe7019 into jslicense:main Sep 3, 2024
16 of 17 checks passed
kemitchell added a commit that referenced this pull request Sep 3, 2024
@kemitchell
Copy link
Member

Thanks for your effort here, @jayvdb.

@jayvdb jayvdb deleted the update-deps branch September 3, 2024 04:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants