Conversation

@bbbco bbbco commented May 21, 2018

Bump download dependency in order to address vulnerability found in the tunnel-agent package downstream. See https://nodesecurity.io/advisories/598

Unfortunately, the download package decided to drop support for Node 4 as well. Considering the state of where we are in the evolution of Node, we might as well drop it here too and enable support for Node 10.

I also bumped the minor version of the package.

package.json Outdated
{
"name": "bin-build",
"version": "3.0.0",
"version": "3.1.0",

You shouldn't touch this; it's the maintainer's job/choice.

Let alone, this should be a major bump due to the node.js version requirement bump.

Contributor Author

Thx for the advice. I have reverted that update and rebased.

@XhmikosR

Ping @kevva

…he tunnel-agent package downstream. See https://nodesecurity.io/advisories/598.

Note: xo 0.21 requires Node 6+, so we drop support for Node 4 because the new download package doesn't even support it, and add support for Node 10

rejas commented Jul 11, 2018

Download v7.1.0 https://github.com/kevva/download/releases/tag/v7.1.0 got released, maybe you should update the dependencies accordingly?


rejas commented Jul 24, 2018

Ping @kevva :-)

@Chris3773

Ping @kevva

@sindresorhus sindresorhus changed the title Bump download package to address downstream package vulnerability Bump dependencies and require Node.js 6 Oct 10, 2018
@sindresorhus sindresorhus merged commit ab40a3f into kevva:master Oct 10, 2018

stof commented Jun 11, 2020

Any plan to release this?

Looking at the image-webpack-loader dependency tree, I found out that optipng-bin (and other similar tool packages used by imagemin-* packages) depend on both bin-build and bin-wrapper, but end up installing 2 different versions of download (which has a large tree), because this migration to download 7 has never been released (bin-wrapper uses version 7).
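The duplicate-install problem described in the comment above, and the question in the opening comment of whether a vulnerable transitive package (tunnel-agent) is still pulled in, can both be answered by walking a lock file. The script below is an added example, not code from the bin-build project: it parses a constructed lockfileVersion 1 `package-lock.json` (the `bin-wrapper`, `got` and `download@6.2.5` entries and their ranges are made up for the demo; only `bin-build@3.0.0` and `download@7.1.0` come from this thread) and reports every installed version of a named package together with the path at which it is nested.

```python
import json
from collections import defaultdict

# Constructed sample lock file (lockfileVersion 1 layout), NOT a real lock
# file from bin-build: an old bin-build still requires download 6.x while
# bin-wrapper requires 7.x, so two copies of "download" (and its subtree)
# end up installed. Version numbers other than bin-build 3.0.0 and
# download 7.1.0 are invented for the example.
SAMPLE_LOCK = json.loads("""
{
  "name": "example-app",
  "lockfileVersion": 1,
  "dependencies": {
    "bin-build": {
      "version": "3.0.0",
      "requires": {"download": "^6.2.2"},
      "dependencies": {
        "download": {
          "version": "6.2.5",
          "requires": {"got": "^7.0.0"},
          "dependencies": {
            "got": {"version": "7.1.0"}
          }
        }
      }
    },
    "bin-wrapper": {
      "version": "4.0.1",
      "requires": {"download": "^7.1.0"}
    },
    "download": {
      "version": "7.1.0",
      "requires": {"got": "^8.3.1"}
    },
    "got": {"version": "8.3.2"}
  }
}
""")


def walk(deps, path=()):
    """Yield (path, name, version) for every node of a lockfileVersion 1 tree,
    descending into nested "dependencies" blocks (the deduplication failures)."""
    for name, node in sorted(deps.items()):
        here = path + (name,)
        yield here, name, node.get("version")
        yield from walk(node.get("dependencies", {}), here)


def collect_versions(lock, package):
    """Map each installed version of `package` to the nesting paths where it
    occurs, e.g. {"6.2.5": ["bin-build/download"], "7.1.0": ["download"]}."""
    found = defaultdict(list)
    for path, name, version in walk(lock.get("dependencies", {})):
        if name == package:
            found[version].append("/".join(path))
    return dict(found)


def duplicated(lock, package):
    """True when more than one distinct version of `package` is installed."""
    return len(collect_versions(lock, package)) > 1


def installed(lock, package):
    """True when any version of `package` is present anywhere in the tree;
    use it to confirm a vulnerable transitive package is really gone."""
    return bool(collect_versions(lock, package))


if __name__ == "__main__":
    for pkg in ("download", "got", "tunnel-agent"):
        print(pkg, collect_versions(SAMPLE_LOCK, pkg))
```

Run it against a real `package-lock.json` by replacing `SAMPLE_LOCK` with `json.load(open("package-lock.json"))`; the same walk works for checking that an advisory's package no longer appears at any nesting level after a dependency bump, which is what a bare `npm ls` at the top level can miss.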


1000ch commented Oct 16, 2021

@kevva @sindresorhus could you release the new version with this change? ideally #17 as well.

@kumarrishav

Hi team,
can we release this?


8 participants