Update typeshed dependencies #1549
base: master
SonarQube Quality Gate
LGTM
Why are we doing this update?
Is this because of the WhiteSource alert?
I'm not sure it's 100% a valid reason why we should update the dependencies.
Our goal is to declare the most commonly used version of the dependencies, and that's not a problem if they're vulnerable, as we're not actually using them.
That said, I didn't check the libraries in question and if they are actively considered deprecated and most people are on a newer version, then for sure we should update them to a more common version. It's not really a fix though, more of a simple update of our stubs.
Yes, the main goal was to satisfy the WhiteSource issue. I was told the issue came from Typeshed, that's why I thought this would solve the problem. If we can ignore this check in WhiteSource then it would be preferable to do that, as we know our stubs are working correctly currently. For the update of the libraries, they are just regular updates (only cryptography is a major one).
No description provided.