Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add dependency notes file #37

Merged
merged 4 commits into from
Sep 5, 2024
Merged

Add dependency notes file #37

merged 4 commits into from
Sep 5, 2024

Conversation

mint-thompson
Copy link
Collaborator

Description:
Adds the dependency notes file to track dependencies that are intentionally left out of date. All dependencies are currently up-to-date, so there are no dependencies listed in the file.

Related Issue:
Fixes #35

jafeltra
jafeltra reviewed Sep 4, 2024
View reviewed changes
Copy link
Collaborator

@jafeltra jafeltra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small question. It looks like moment is on v2.30.1 and the package-lock.json has already been updated to use that version. Are we trying to keep the package.json list updated with the latest versions we're using as well? If so, we can update that file. On the other hand, package-lock.json is doing what it is supposed to do, it probably isn't a huge deal either way.

@mint-thompson
Copy link
Collaborator Author

Small question. It looks like moment is on v2.30.1 and the package-lock.json has already been updated to use that version. Are we trying to keep the package.json list updated with the latest versions we're using as well? If so, we can update that file. On the other hand, package-lock.json is doing what it is supposed to do, it probably isn't a huge deal either way.

I think it's okay? npm outdated does not seem to ask for anything to be changed, so it should be fine.

@jafeltra
Copy link
Collaborator

jafeltra commented Sep 5, 2024

I think it's okay? npm outdated does not seem to ask for anything to be changed, so it should be fine.

Yeah, that's why I wasn't sure if we needed it. But the package.json lists moment version 2.29.1, but the latest version is 2.30.1. In the other PRs, we've been updating that version in the package.json, rather than just in the package-lock.json, which is why I asked about doing that here as well. But if you don't think it's necessary, then that's fine with me.

@cmoesel
Copy link
Member

cmoesel commented Sep 5, 2024

Yeah, I think it's technically OK. It's kind of nice when the package.json reflects the latest as of the time you did the updates -- but it's not necessary. There are probably other cases in our other packages where this happens but it's not as obvious because there are so many more dependencies in those ones.

cmoesel
cmoesel approved these changes Sep 5, 2024
View reviewed changes
Copy link
Member

@cmoesel cmoesel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Easy peasy. Thanks Mint!

@cmoesel cmoesel merged commit b0aa296 into main Sep 5, 2024
@cmoesel cmoesel deleted the add-dependency-notes branch September 5, 2024 14:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cmoesel cmoesel cmoesel approved these changes

@jafeltra jafeltra jafeltra approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update Dependencies and Add DEPENDENCY-NOTES.md
3 participants
@mint-thompson @jafeltra @cmoesel