Update our dependencies in the package.json file #1827
Conversation
kripton
added
Language-JS
dependencies
|
Ah, I found the Dependabot alerts here as well. The ones related to grunt that should be fixed with this PR: The one related to Java: |
peternewman
left a comment
peternewman
left a comment
There was a problem hiding this comment.
LGTM
Just the query about putting Grunt in verbose.
Also I know these are only dev dependencies, but do they not result in any changes to the generated files (e.g. improvements to the CSS minimisation), in which case could you regenerate that and upload it too?
Indeed, the generated files differ a little. However, since those files are "blobs" and increase the git history / clone size I'd rather update those files only when required, when the actual behaviour should be changed. If you want me to commit the updated files nevertheless, I can of course do so. |
I can certainly see the logic in that, but I'm tempted to go the other way just so we get more testing and exposure of those files, in the unlikely event the changes break something, someone ought to spot sooner, and if they don't and they're smaller then users will benefit from smaller downloads instead! |
kripton
force-pushed
the
updateNodeDependencies
branch
from
75aba44 to
8aca621
Compare
Don't expect stuff to get smaller at dependency updates ;) I pushed the newly generated files and will merge this one all CI checks are green |
😆 I was vaguely hoping that a minifier might get more efficient at some point...
Lovely thanks! |
3 participants
I get mails weekly from GitHub/Dependabot stating that our dependencies in the package.json file contain vulnerabilities. This update reduces them a little. Before:
After:
I ran all defined tasks locally and they all still run fine. The change in the Gruntfile is required since one plugin changed their config a little.
Dependabot complains about "junit" in the "pom.xml" as well. I will check if I can fix & test that as well