Skip to content

Upgrade merge from 1.2.1 to 2.1.1 #558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 28, 2021
Merged

Upgrade merge from 1.2.1 to 2.1.1 #558

merged 1 commit into from
Jun 28, 2021

Conversation

@tmarkley
Copy link
Contributor

@tmarkley tmarkley commented Jun 25, 2021

Description

Addresses GHSA-7wpw-2hjm-89gp

Bumps merge from 1.2.1 to 2.1.1

Merge 1.2.1 is a downstream dependency of sass-lint which is an unmaintained repo without any newer versions. I've opened #551 to address this as a longer-term solution.

Before

$ yarn why merge
yarn why v1.22.10
[1/4] Why do we have the module "merge"...?
[2/4] Initialising dependency graph...
warning Resolution field "typescript@4.0.2" is incompatible with requested version "typescript@~3.7.2"
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "merge@1.2.1"
info Reasons this module exists
   - "_project_#sass-lint" depends on it
   - Hoisted from "_project_#sass-lint#merge"
info Disk size without dependencies: "28KB"
info Disk size with unique dependencies: "28KB"
info Disk size with transitive dependencies: "28KB"
info Number of shared dependencies: 0
Done in 1.35s.

Testing

Screen Shot 2021-06-25 at 4 35 41 PM

Issues Resolved

N/A

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

Upgrade merge from 1.2.1 to 2.1.1
5e8d69c 
Addresses GHSA-7wpw-2hjm-89gp

Bumps [merge](https://github.com/yeikos/js.merge) from 1.2.1 to 2.1.1
- [Release notes](https://github.com/yeikos/js.merge/releases)
- [Commits](swordev/merge@v1.2.1...v2.1.1)

Merge 1.2.1 is a downstream dependency of `sass-lint` which is an
unmaintained repo without any newer versions. I've opened [opensearch-project#551](opensearch-project#551)
to address this as a longer-term solution.

Signed-off-by: Tommy Markley <markleyt@amazon.com>
@tmarkley tmarkley added dependencies Pull requests that update a dependency file v1.0.0 labels Jun 25, 2021
@tmarkley tmarkley requested review from ananzh and kavilla June 25, 2021 21:36
@opensearch-ci-bot
Copy link
Collaborator

opensearch-ci-bot commented Jun 25, 2021

✅   DCO Check Passed 5e8d69c

ananzh
ananzh approved these changes Jun 28, 2021
View reviewed changes
Copy link
Member

@ananzh ananzh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

@tmarkley tmarkley merged commit 318d23b into opensearch-project:main Jun 28, 2021
@tmarkley tmarkley deleted the deps-merge branch June 28, 2021 17:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kavilla kavilla kavilla approved these changes

@ananzh ananzh ananzh approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file v1.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tmarkley @opensearch-ci-bot @kavilla @ananzh