Closed
Conversation
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Member
Author
|
I tried pinning the versions in package.json to whatever they were set to in package-lock.json, but still npm install allows itself to update sub-deps. From what I read here https://medium.com/the-guild/how-should-you-pin-your-npm-dependencies-and-why-2b8d545c7312 it seems it's not possible to pin sub-deps. Let's try the depandabot route and see how it does it... |
Member
Author
|
dependabot work started here: #1110 (comment) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes an issue where file names called "JavaScript.md" would cause errors in the console.
The PR is messy because npm wanted to update a lot of other things, I did not manage to prevent it...
For a stable release I wouldn't want to update that much just for that simple fix...
But if we're ok with all the other dep updates, even @nextcloud/auth and @nextcloud/vue on stable18, then we can move forward and revert the package.json sticky versions I put in.
Also I'm surprised that
make build-js-productionmodified so many JS files. Maybe it's related to all the other dep updates...Thoughts ? @juliushaertl @ChristophWurst