Skip to content

Remove yarn + fix security issues reported by npm audit #417

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

McFizh
Copy link

@McFizh McFizh commented Mar 6, 2025

This MR contains following changes:

  • Fixes security issues reported by npm audit
  • Removes yarn (makes it easier to maintain package, since there's only one lock file to update)
  • Removes package 'npm-run-all', which hasn't seen update in 6 years
  • Update pipeline to test with node versions from 16.x to 22.x

Note: glob + jest updates raised the minimum node version to 16.x (but even that is already eol, so should not be that big of an issue)

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
@ShaharHD
Copy link

ShaharHD commented Apr 10, 2025

I would advocate to keep yarn and remove npm (and the package-lock.json) as everything was already pointing to yarn.

but good work, took it to base my fork on

@McFizh
Copy link
Author

McFizh commented May 13, 2025

I updated this PR a bit.. Node 24 is added to testing matrix and glob version is updated as high as possible while keeping at least node 16 compatibility. Glob 11.x is for node versions 20 and onwards.

Also jest is updated to latest version, so it should be easier to switch to version 30 once it's out. That version should finally remove deprecated inflight dependency (see issue #227)

Copy link

stale bot commented Jul 12, 2025

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Jul 12, 2025
@daniloab daniloab removed the wontfix label Jul 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants