Unpin and upgrade dependencies #263
🙏🥺 |
| expect(format(formatted, { parser: 'babel' })).toEqual( | ||
| `// first comment | ||
| // second comment | ||
I don't see the point of adding new lines? Is this coming from an IDE formatter?
They are generated after @babel/generator >=7.19.x.
With 7.19.3 the tests pass, but with 7.19.4 they fail. Probably due to this PR: babel/babel#14979
@Eldemarkki The PR is tagged as 8.0.0-alpha.2, but the changelog says it was released under 7.19.4.
Did they just mess up the release?
Seems it's an unavoidable breaking change
@ayusharma Could you help with reviewing this?
byara
left a comment
Thank you for your contribution. Other than the new lines added to the snapshots, this looks good to me.
Can we figure out a way not to add those new lines? Otherwise, this is a breaking change
I couldn't find any |
The change for babel traverse is released in v4.2.1
This should be addressed in v5. Please feel free to reopen if there is an issue.
v5 looks to have updated the dependencies but kept them pinned.
prettier-plugin-sort-imports/package.json, lines 36 to 41 in 35d7b0b
That means next time there's a vulnerability found, we will again need to wait for an update here, or override the dependencies. I can't reopen, since it's not my PR.
FYI @StavNoyAkur8 #322
Upgrade @babel-traverse to non-vulnerable version 7.23.2. CVE-2023-45133
Unpin dependencies to permit future upgrades, without changing prettier-plugin-sort-imports.
Fix #262
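
The pinning concern raised in this thread, as an added example that is not part of the PR or the project's code: a small check of whether a declared dependency range lets a consumer install a security fix without waiting for a new plugin release. The manifest below is constructed (the version values are made up, not this project's package.json), the function names are hypothetical, and the range parser covers only exact, caret and tilde ranges.

```javascript
// Constructed sample manifest: package names are real, version values are
// invented for illustration and are not taken from the project.
const manifest = {
  dependencies: {
    '@babel/traverse': '7.17.3',   // exact pin
    '@babel/generator': '^7.17.7', // caret range
    '@babel/types': '~7.17.0',     // tilde range
  },
};

const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Minimal range check for three forms: "x.y.z", "^x.y.z", "~x.y.z".
// Anything else (unions, wildcards, prerelease tags) returns null (unknown).
function admits(range, version) {
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(range.trim());
  if (!m) return null;
  const [op, base] = [m[1], parse(m[2])];
  const v = parse(version);
  if (op === '') return cmp(v, base) === 0;
  if (cmp(v, base) < 0) return false;
  if (op === '~') return v[0] === base[0] && v[1] === base[1];
  // Caret: the leftmost non-zero component must stay fixed.
  if (base[0] > 0) return v[0] === base[0];
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
  return v[0] === 0 && v[1] === 0 && v[2] === base[2];
}

// For each advisory (package -> first fixed version), report whether the
// declared range lets the fix be installed without a new release.
function auditPins(deps, fixedVersions) {
  return Object.entries(fixedVersions).map(([name, fixed]) => {
    const range = deps[name];
    if (range === undefined) return { name, status: 'not-a-dependency' };
    const ok = admits(range, fixed);
    const status = ok === null ? 'unknown-range'
      : ok ? 'fix-installable' : 'blocked-by-range';
    return { name, range, fixed, status };
  });
}

// Fixed version taken from the PR description (CVE-2023-45133).
const report = auditPins(manifest.dependencies, { '@babel/traverse': '7.23.2' });
console.log(report);
```

A `blocked-by-range` result is the situation described in the thread: the consumer either waits for a new release or forces the version with npm's `overrides` (or Yarn's `resolutions`).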