Skip to content

Do not depend on github-changes #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
nicolasstucki opened this issue Jul 31, 2019 · 3 comments
Closed

Do not depend on github-changes #45

nicolasstucki opened this issue Jul 31, 2019 · 3 comments

Comments

@nicolasstucki
Copy link
Contributor

Last version was published 2 years ago and it has transitive dependencies that have security warnings .

https://www.npmjs.com/package/github-changes
@nicolasstucki nicolasstucki mentioned this issue Jul 31, 2019
Closed
@nicolasstucki
Copy link
Contributor Author

We only use it here

vscode-scala-syntax/bin/ci-release.sh

Line 31 in 17a7bdb

yarn github-changes -o scala -r vscode-scala-syntax --no-merges -t "Scala Syntax (official) Changelog" -k $GITHUB_TOKEN

@nicolasstucki
Copy link
Contributor Author

nicolasstucki commented Aug 1, 2019
edited
Loading

This code was copied from
https://github.com/scalameta/metals-vscode/blob/65cf8d10638f437b966a216a9d27225b362dee46/.travis.yml#L29

@gabro do you remember what this command did exactly? I wonder if there is a newer library that would do the same.

@gabro
Copy link
Contributor

gabro commented Aug 1, 2019

@nicolasstucki that command generates https://github.com/scalameta/metals-vscode/blob/master/CHANGELOG.md

The library was picked arbitrarily (literally the first one that did the job I needed) so there may be newer alternatives.

That said, the library is not even used by the plugin, so you can avoid the security warning by removing the dependency and installing it ad-hoc in the CI.

Something like:

npx github-changes -o scalameta -r metals-vscode --no-merges -t "VSCode Extension Changelog" -k $GITHUB_TOKEN

nicolasstucki added a commit that referenced this issue Oct 3, 2019
@nicolasstucki
Merge pull request #60 from nicolasstucki/fix-#45
2f00761 
Fix #45: Use npx to execute github-changes
nicolasstucki added a commit to nicolasstucki/vscode-scala-syntax that referenced this issue Oct 7, 2019
@nicolasstucki
Revert "Fix scala#45: Use npx to execute github-changes"
14d22e4 
This reverts commit aaa8332.
nicolasstucki added a commit that referenced this issue Oct 7, 2019
@nicolasstucki
Merge pull request #65 from nicolasstucki/revert-npx
6c006cd 
Revert "Fix #45: Use npx to execute github-changes"
nicolasstucki added a commit to nicolasstucki/vscode-scala-syntax that referenced this issue Oct 7, 2019
@nicolasstucki
Revert "Revert "Fix scala#45: Use npx to execute github-changes""
d83ed44 
This reverts commit 14d22e4.
nicolasstucki added a commit that referenced this issue Oct 7, 2019
@nicolasstucki
Merge pull request #66 from nicolasstucki/reenable-npx
7b5e29e 
Revert "Revert "Fix #45: Use npx to execute github-changes""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gabro @nicolasstucki