Skip to content

added package.json with specific versions as recommended by Git #569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 25, 2022
Merged

added package.json with specific versions as recommended by Git #569

merged 2 commits into from
Jan 25, 2022

Conversation

aremo-ms
Copy link
Contributor

Purpose

Added package.json under every wwwroot/lib/bootstrap as recommended by GitHub automation

@aremo-ms aremo-ms marked this pull request as ready for review January 25, 2022 15:24
jmprieur
jmprieur approved these changes Jan 25, 2022
View reviewed changes
Copy link
Contributor

@jmprieur jmprieur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
Thanks @aremo-ms

@v-michaelmi
Copy link
Contributor

v-michaelmi commented Jan 25, 2022
edited
Loading

Are you sure these are dependencies and not just devDependencies?

Would shell.js be needed for a production build?

@aremo-ms
Copy link
Contributor Author

Are you sure these are dependencies and not just devDependencies?

Would shell.js be needed for a production build?

I just did what was suggested, And this is a sample
image

@v-michaelmi
Copy link
Contributor

v-michaelmi commented Jan 25, 2022
edited
Loading

Ideally it wouldn't matter because you're right it is just a sample but it's good hygiene.

Looking at the bootstrap library referenced it seems that it is a devDependency and not a pure dependency.

image

@aremo-ms
Copy link
Contributor Author

Ideally it wouldn't matter because you're right it is just a sample but it's good hygiene.

Looking at the bootstrap library referenced it seems that it is a devDependency and not a pure dependency.

image

I'm fine to fix it, but I don't see markdown-it dependency for bootstrap. Ideas?

@v-michaelmi
Copy link
Contributor

Indeed.

Much more annoying is I'm not seeing that dependency in any of the other jQuery libraries neither. Not sure where that's coming from.

@v-michaelmi
Copy link
Contributor

v-michaelmi commented Jan 25, 2022
edited
Loading

After giving it a second look it seems that dependabot is 'guessing' what those dependencies could be since the package.json file isn't there and is picking markdown-it as a possible library dependency. But I will need to confirm that. I'm not seeing anything here that uses that.

@aremo-ms
Copy link
Contributor Author

After giving it a second look it seems that dependabot is 'guessing' what those dependencies could be since the package.json file isn't there and is picking markdown-it as a possible library dependency. But I will need to confirm that. I'm not seeing anything here that uses that.

I'm changing both to devDependencies

@v-michaelmi
Copy link
Contributor

@aremo-ms

LGTM

@aremo-ms aremo-ms merged commit b53b89b into master Jan 25, 2022
@jmprieur jmprieur deleted the aremo-ms/Security-Vulnerabilities branch February 2, 2022 17:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmprieur jmprieur jmprieur approved these changes

@v-michaelmi v-michaelmi v-michaelmi approved these changes

@kalyankrishna1 kalyankrishna1 Awaiting requested review from kalyankrishna1

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aremo-ms @v-michaelmi @jmprieur