-
Notifications
You must be signed in to change notification settings - Fork 280
Update dependencies that were effectively downgraded & remove some unused dependencies #969
Conversation
Thanks! This is definitely a good idea. It will take me some time to check licensing etc. of the packages, will track the progress here:
|
@realityking I think once the |
0ec5369
to
0ea97f6
Compare
Thanks @honzajavorek! I pushed a new version without the bump for As for |
Let's wait just a little bit, my hunch would be this one could get resolved in a timely manner. It's Airbnb, they could care about licensing 😄 |
0ea97f6
to
de3c192
Compare
Note that the "license" field in package.json, which is SPDX-compliant, is more than sufficient, the actual LICENSE file is not required. (that said, I've merged airbnb/javascript#1746) |
@ljharb Thanks! 👍 I answered to your comment under airbnb/javascript#1746. |
It's not used anymore.
de3c192
to
fe272fb
Compare
Based on the above discussion I removed the I'll open a separate PR to track that. |
With or without the license file, the dependency is MIT licensed; there should be no need to remove it. |
@ljharb I'm sorry, but it seems the interpretation may differ from lawyer to lawyer. In that case, I may have the bad luck of having stricter lawyers behind my back. They require me to have only dependencies with copyright notice including a copyright holder and with a full license text. Vast majority of projects I've seen on npm or elsewhere just include the full license text, even the smallest ones. (Probably thanks to GitHub, which puts you the license file into the repo from the very beginning.) Observing that, I have no particular reason to fight our lawyers and persuade them that three letters are enough. I've seen myself projects using MIT licenses, but with their license wording being slightly different. I've seen I'm happy to go and contribute licenses anywhere where they're missing or file issues for discrepancies, because licenses are important, it's the main glue of the FOSS. That said, we started to properly care about licenses just about recently and any dependencies we're already using previously are a priori pardoned. So when talking about removing |
@realityking btw I'm sorry for the failing Windows builds, they got very flaky recently. I plan to focus on fixing them, but until that time I'll keep retrying the builds for you 😕 |
@honzajavorek Looks like this all passes now :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💃
@honzajavorek Would it be possible to release a new minor version that includes this PR? 🙂 |
Ha, I haven't noticed it's classified as |
Ah, good to know. Now I wish I had made #979 a |
I had another PR I wanted to make this week - let me do that now and I'll put it in as a fix :) |
Yeah, I think |
Because #969 was mistakenly classified as `chore`.
Decided not to block on DT or other PRs, this resolves the issue: #980 |
🚀 Why this change?
In the move to fixed dependency versions (f0f200b) some dependencies were effectively downgraded as there was a newer, in-range, version at the time.
While looking at the dependencies, I also found some unused dev dependencies:
coffee-coverage
isn't used anymore after decaffeinatingMany more things that are outdated but this seem like obvious wins 🙂
📝 Related issues and Pull Requests
✅ What didn't I forget?
npm run lint