Bumping all packages that have minor and patch updates available #4453
Conversation
|
So this is getting pretty complicated. The The dependencies I can find that are using Am I meant to fork this dependency as well? Seems like not the best solution to the problem. The bigger discussion is obviously backwards compatibility so looping in @JedWatson and @molomby so we can resolve this and move on. |
|
@JedWatson I say we bump Keystone 4 to node ^6 for this next release. Maybe also open an issue along the lines of "Keystone 4 is not compatible with node version 5.x or earlier" to discuss and document the decision. We can always increase backward compatibility in future KS 4 releases. Lets just cut scope and get it out. |
|
@molomby agreed. The decision was made a long time ago and I think we need to move on. Let's open an issue separately for the update so it gets the proper visibility though, and not do it before the next beta release. |
|
@vitalbone can you update this PR to exclude those packages that have a requirement (or a dependency with a requirement) for node 6, and we'll update those after the next release? |
- knox has been replaced with keystonejs/knox as the package is not being maintained anymore and has a `*` for `mime` - [email protected] uses [email protected] (which is compatible with node <=6.x)
|
@jed I have downgraded |
# Conflicts: # package.json # yarn.lock
|
@molomby Probably worth checking the changes made to the Password tests, re: security fixes. |
|
Working locally and tested reasonably thoroughly via |
Description of changes
Updating all packages that aren't a major version upgrade.
Related issues (if any)
Very much related to conversations happening here and here.
Testing
npm run test-allran successfully.