You are viewing a plain text version of this content. The canonical link for it is here.
Posted to pr@jena.apache.org by GitBox <gi...@apache.org> on 2022/02/18 21:13:40 UTC
[GitHub] [jena] kinow commented on pull request #1199: yarn upgrade
kinow commented on pull request #1199:
URL: https://github.com/apache/jena/pull/1199#issuecomment-1045199175
> The result of running `yarn upgrade` and no other changes.
>
> `yarn --version` is 1.22.17, installed via snap, from the node snap latest (node 16.14.0).
>
> Is this version a problem?
Shouldn't be a problem. That's the version the Maven plug-in is downloading locally as well.
```bash
kinow@ranma:~/Development/java/jena/jena/jena-fuseki2/jena-fuseki-ui$ ./node/yarn/dist/bin/yarn --version
1.22.17
```
>My working copy of Jena has received more security alerts than here (at the moment) and I think they are all addressed by this PR. None look very serious.
:+1:
>The dependabot security alert for ajv seems confused. It says it can't go past 5.5.2 but yarn.lock has 6.12.6 via a different route.
Huh, not sure how to solve that one. The `istanbul` library is not compatible with Vue 3 & Vite yet I think (https://github.com/istanbuljs/istanbuljs/issues/668), so that might go away as soon as we upgrade to Vue 3 (first e2e/functional tests, then after that I'll upgrade to Vue 3).
Maybe we could upgrade a few more dependencies? After looking at the output of `ncu`, I found a few more dependencies that can be updated (I skipped the hairy ones, like sass, and Vue 2->3).
```diff
diff --git a/jena-fuseki2/jena-fuseki-ui/package.json b/jena-fuseki2/jena-fuseki-ui/package.json
index 160077f84f..0ac135d671 100644
--- a/jena-fuseki2/jena-fuseki-ui/package.json
+++ b/jena-fuseki2/jena-fuseki-ui/package.json
@@ -14,28 +14,28 @@
"lint": "vue-cli-service lint"
},
"dependencies": {
- "@fortawesome/fontawesome-svg-core": "^1.2.36",
- "@fortawesome/free-solid-svg-icons": "^5.15.4",
+ "@fortawesome/fontawesome-svg-core": "^1.3.0",
+ "@fortawesome/free-solid-svg-icons": "^6.0.0",
"@fortawesome/vue-fontawesome": "^2.0.6",
"@triply/yasqe": "^4.2.20",
"@triply/yasr": "^4.2.21",
- "axios": "^0.25.0",
+ "axios": "^0.26.0",
"bootstrap": "^5.1.3",
"bootstrap-vue": "^2.21.2",
- "core-js": "^3.20.3",
- "follow-redirects": "^1.14.7",
+ "core-js": "^3.21.1",
+ "follow-redirects": "^1.14.9",
"vue": "^2.6.14",
"vue-router": "^3.5.3",
"vue-upload-component": "^2.8.22"
},
"devDependencies": {
- "@babel/register": "^7.16.9",
+ "@babel/register": "^7.17.0",
"@istanbuljs/nyc-config-babel": "^3.0.0",
- "@vue/cli-plugin-babel": "^4.5.15",
- "@vue/cli-plugin-e2e-cypress": "^4.5.15",
- "@vue/cli-plugin-eslint": "^4.5.15",
- "@vue/cli-plugin-unit-mocha": "~4.5.15",
- "@vue/cli-service": "^4.5.15",
+ "@vue/cli-plugin-babel": "^5.0.1",
+ "@vue/cli-plugin-e2e-cypress": "^5.0.1",
+ "@vue/cli-plugin-eslint": "^5.0.1",
+ "@vue/cli-plugin-unit-mocha": "~5.0.1",
+ "@vue/cli-service": "^5.0.1",
"@vue/eslint-config-standard": "^6.1.0",
"@vue/test-utils": "^1.3.0",
"babel-eslint": "^10.1.0",
@@ -49,9 +49,9 @@
"eslint-plugin-vue": "^8.4.0",
"istanbul-instrumenter-loader": "^3.0.1",
"nyc": "^15.1.0",
- "sass": "^1.49.0",
+ "sass": "^1.49.8",
"sass-loader": "^10.1.1",
- "sinon": "^12.0.1",
+ "sinon": "^13.0.1",
"vue-template-compiler": "^2.6.14"
},
"resolutions": {
```
And then run `yarn install`. WDYT?
Thanks!
Bruno
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: pr-unsubscribe@jena.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: pr-unsubscribe@jena.apache.org
For additional commands, e-mail: pr-help@jena.apache.org