[GitHub] [incubator-superset] nytai commented on issue #8573: bump packages with security vulnerabilities

[GitBox <gi...@apache.org>]

nytai commented on issue #8573: bump packages with security vulnerabilities
URL: https://github.com/apache/incubator-superset/pull/8573#issuecomment-554558949
 
 
   @etr2460 definitely not intentional. 
   
   `cypress` isn't listed anywhere in dependencies/dev-dependencies, which is probably why my run of `npm install` caused it to be removed. I see there is a install cypress script: `"install-cypress": "npm install cypress@3.4.1"`. My guess is that whoever updated the package lock file last had run that command before. 
   
   I ran the script, and since I'm running npm5 (which defaults to `--save`), cypress was added as a dependency in package.json. Do you know if there's a reason/history for the `install-cypress` script and not just listing it as a dependency?  Additionally do you know if there's a reason for _not_ list it as a dependency?
   
   I've updated the pr with what happened after I:
   - `npm run install-cypress`
   - `npm install`
   - `git rebase master`
   
   Looks like now I'm adding cypress in both package.json and package-lock.json 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org