Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade devDependencies #1146

Merged
merged 3 commits into from
May 21, 2021
Merged

Upgrade devDependencies #1146

merged 3 commits into from
May 21, 2021

Conversation

richardm-stripe
Copy link
Contributor

@richardm-stripe richardm-stripe commented Apr 27, 2021
edited
Loading

This PR bumps some devDependencies that are marked as vulnerable. This is merely for hygiene: the vulnerabilities do not affect this library -- we do not rely on the vulnerable code paths, nor does the development workflow involve live traffic.

The upgraded dependencies are not compatible with Node 8, and so this PR also disables Node 8 in CI. We hope to officially deprecate Node 8 soon, but in the meantime we will be not be able to rely on CI to be sure Node 8 does not break and should verify that any potentially incompatible changes are tested manually.

cc @stripe/api-libraries
r? @stripe/api-library-reviewers

@richardm-stripe
Copy link
Contributor Author

Oh stop the presses, we lose node 8 in CI with this.

@ob-stripe
Copy link
Contributor

Node 8 is past EOL, so maybe we should just drop support for it :)

@richardm-stripe richardm-stripe changed the title devDependencies: mocha 6.1.4 -> 8.3.2, nyc 14.1.0 -> 15.1.0 Upgrade devDependencies, deprecate node 8 Apr 28, 2021
@richardm-stripe
Copy link
Contributor Author

I agree but we should do that in a major.

ob-stripe
ob-stripe approved these changes Apr 28, 2021
View reviewed changes
Copy link
Contributor

@ob-stripe ob-stripe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@ctrudeau-stripe ctrudeau-stripe removed their assignment May 19, 2021
seang-stripe
seang-stripe approved these changes May 21, 2021
View reviewed changes
Copy link

@seang-stripe seang-stripe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@richardm-stripe richardm-stripe changed the title Upgrade devDependencies, deprecate node 8 Upgrade devDependencies May 21, 2021
@richardm-stripe richardm-stripe merged commit 45960cd into master May 21, 2021
@richardm-stripe richardm-stripe deleted the richardm-bump-mocha branch May 21, 2021 03:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ob-stripe ob-stripe ob-stripe approved these changes

@seang-stripe seang-stripe seang-stripe approved these changes

Assignees

@richardm-stripe richardm-stripe

Labels
future
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@richardm-stripe @ob-stripe @seang-stripe @ctrudeau-stripe