Skip to content

Upgrade outdated packages for Dependabot and fix tests so they pass#44

Open
akre54 wants to merge 1 commit intoniksy:masterfrom
akre54:upgrade-packages
Open

Upgrade outdated packages for Dependabot and fix tests so they pass#44
akre54 wants to merge 1 commit intoniksy:masterfrom
akre54:upgrade-packages

Conversation

@akre54
Copy link

@akre54 akre54 commented Oct 27, 2025

I was getting dependabot errors in my project so I wanted to upgrade the packages. That of course led to a yak-shaving exercise but thankfully the llm agent helped out.

You know the project better than I do so feel free to pull down and make changes or if you point me (and the robot) in the right direction I'm happy to update. All tests pass and I fixed 2 lint errors that were blocking commit.

akre54
akre54 commented Oct 27, 2025
View reviewed changes
package.json
},
"homepage": "https://github.com/niksy/node-stdlib-browser#readme"
"homepage": "https://github.com/niksy/node-stdlib-browser#readme",
"packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
Copy link
Author

@akre54 akre54 Oct 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yarn added this. Happy to remove

akre54
akre54 commented Oct 27, 2025
View reviewed changes
rollup.config.js

function getConfig(filename, options = {}) {
async function getConfig(filename, options = {}) {
const cpy = (await import(/* webpackChunkName: "cpy" */ 'cpy')).default;
Copy link
Author

@akre54 akre54 Oct 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

eslint error without this line

@akre54 akre54 mentioned this pull request Oct 27, 2025
Open
@niksy
Copy link
Owner

niksy commented Oct 28, 2025
edited
Loading

A lot of the changes are completely unrelated to updating outdated packages, and most of the updates are minor version bumps which are already covered with ^ range (see browserify/crypto-browserify#249 (comment)).

I would expect this contribution to cover why certain update is even needed, especially if it’s major version bump. If it’s just to update to major version but that breaks existing functionality (e.g. there’s a reason why buffer is left at v5), that should be mentioned and then we can proceed to see if we need to do a major version bump.

Security fixes are usually carried down to lower versions so in most cases this can be left as-is.

@akre54
Copy link
Author

akre54 commented Oct 28, 2025

Hi @niksy thanks for the response.

A lot of the changes are completely unrelated to updating outdated packages

The tests or lint weren't completing without those fixes, and husky wouldn't let me commit without both passing. Give it a try on a fresh install.

most of the updates are minor version bumps which are already covered with ^ range

Yeah I'm not sure why I'm getting outdated patch versions then.

My goal is to upgrade the dependencies to silence a few security warnings I'm getting on my own project via a transitive dependency, and most of the warnings point to this project. I figured I'd just submit a patch but like so many version upgrades, it's often not enough to just bump a version and have things running smoothly, unfortunately.

Like I said, I'm happy to revert or down-scope or revert if you need. Just trying to be of assistance keeping this dep up to date. Feel free to run your project the way you like.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@akre54 @niksy