Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating dependencies and removing chokidar-cli #51

Merged
merged 1 commit into from
Mar 22, 2022
Merged

Updating dependencies and removing chokidar-cli #51

merged 1 commit into from
Mar 22, 2022

Conversation

erinesullivan
Copy link
Collaborator

@erinesullivan erinesullivan commented Mar 22, 2022
edited
Loading

Overview

Updating npm dependencies for the sake of security.

This needs to be a monthly task.

chokidar-cli

chokidar-cli had several vulnerabilities, and has not been updated in 8 months. There is an issue that has been open for a few months to fix it. The package is only used to watch CSS changes, which is nice but is not required for development. I have made the decision to remove it.

Testing

  • Remove and install packages (rm -rf node_modules/ && docker-compose run --rm web npm install).
  • Launch the site and see if everything looks good.
  • Trying and build the css (docker-compose run --rm web npm run build).

@erinesullivan
Updating dependencies and removing chokidar-cli
ec6e5b6 
- `chokidar-cli` had vulnerabilities, and hasn't been updated in 8 months, even though issues are open in the repo.
@erinesullivan erinesullivan added the dependencies Changes to packages or gems. label Mar 22, 2022
@erinesullivan erinesullivan requested a review from niquerio March 22, 2022 15:38
@erinesullivan erinesullivan self-assigned this Mar 22, 2022
niquerio
niquerio reviewed Mar 22, 2022
View reviewed changes
Copy link
Collaborator

@niquerio niquerio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So is the idea now to run build manually when you want to see changes?

I'm Ok with getting rid of it, btw just making sure I know the implications. For ruby changes I have to keep restarting sinatra so that kind of thing is not a big deal for me.

@erinesullivan
Copy link
Collaborator Author

@niquerio Correct, which I do anyway. The majority of styling is practically done, so there shouldn't be many CSS changes in the future.

@niquerio
Copy link
Collaborator

Alright! Get rid of if then. If we want that functionality in the future there other ways to do it.

@erinesullivan erinesullivan merged commit 25ecaab into main Mar 22, 2022
@erinesullivan erinesullivan deleted the npm-updates-2022-03 branch March 22, 2022 18:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@niquerio niquerio niquerio left review comments

Assignees

@erinesullivan erinesullivan

Labels
dependencies Changes to packages or gems.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@erinesullivan @niquerio