Owen Leonard
78bf5b3ec6
This patch updates the version requirements for modules used by yarn.

Running "yarn upgrade" will upgrade the project's direct dependencies as listed in package.json. However, the output of "yarn audit" will identify more vulnerabilities with libraries further down the dependency tree.

Adding a "resolutions" list in package.json seems to be the way to include these upgrades in an installation.

After making these changes I ran "yarn install" and "yarn audit" again. The audit reported no vulnerabilities.

Upgrading yarn.lock should allow for the installation of newer versions of npm modules in new installations. I believe it is necessary to run "yarn upgrade" on existing installations in order to bring dependencies up to versions matching those on existing installations.

To test, run the yarn commands we use to compile SCSS in the staff client and the opac:

    yarn build
    yarn build --view opac

They should complete without error.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
34 lines
794 B
JSON
{
  "name": "koha",
  "description": "Koha is distributed under the GNU GPL version 3 or later.",
  "main": "gulpfile.js",
  "directories": {
    "doc": "docs",
    "test": "test"
  },
  "dependencies": {
    "gulp": "^3.9.1",
    "gulp-autoprefixer": "^4.0.0",
    "gulp-cssnano": "^2.1.2",
    "gulp-sass": "^3.1.0",
    "gulp-sourcemaps": "^2.6.1",
    "gulp-util": "^3.0.8"
  },
  "devDependencies": {},
  "scripts": {
    "build": "node_modules/.bin/gulp build",
    "css": "node_modules/.bin/gulp css",
    "watch": "node_modules/.bin/gulp watch"
  },
  "repository": {
    "type": "git",
    "url": "git://git.koha-community.org/koha.git"
  },
  "resolutions": {
    "minimatch": "^3.0.2",
    "lodash": "^4.17.12",
    "js-yaml": "^3.13.1"
  },
  "author": "",
  "license": "GPL-3.0"
}
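
The "resolutions" list only helps once yarn.lock actually pins versions inside those ranges, which is why the commit message asks for the lockfile to be updated. The following Node.js check is an added example, not part of the Koha commit: it reports any locked version of a package named in "resolutions" that falls outside its range. The function names, the simplified caret-range matcher and both lockfile excerpts are assumptions made for illustration.

```javascript
// Added example: checks yarn.lock (v1 text format) against package.json "resolutions".
// Assumption: only caret ranges with major >= 1 are handled, as in this package.json.
const nums = (v) => v.split(".").map(Number);

// True when `version` satisfies a caret range such as "^4.17.12".
function satisfiesCaret(version, range) {
  if (!/^\^[1-9]\d*\.\d+\.\d+$/.test(range)) throw new Error("unsupported range: " + range);
  const [M, m, p] = nums(range.slice(1));
  const [vM, vm, vp] = nums(version);
  return vM === M && (vm > m || (vm === m && vp >= p));
}

// Map each package name to every version pinned for it in the lockfile.
function lockedVersions(lockText) {
  const out = new Map();
  let names = [];
  for (const line of lockText.split("\n")) {
    if (/^\S.*:$/.test(line)) {
      // Entry header, e.g.  "lodash@^4.17.12", lodash@~4.17.4:
      names = line.slice(0, -1).split(",").map((s) => {
        const spec = s.trim().replace(/^"|"$/g, "");
        return spec.slice(0, spec.lastIndexOf("@"));
      });
    } else {
      const m = line.match(/^  version "([^"]+)"$/);
      if (m) for (const n of new Set(names)) out.set(n, [...(out.get(n) || []), m[1]]);
    }
  }
  return out;
}

// Report resolutions that the lockfile does not honour.
function auditResolutions(pkg, lockText) {
  const locked = lockedVersions(lockText);
  const problems = [];
  for (const [name, range] of Object.entries(pkg.resolutions || {})) {
    const versions = locked.get(name) || [];
    if (versions.length === 0) problems.push(`${name}: no lockfile entry`);
    for (const v of versions)
      if (!satisfiesCaret(v, range)) problems.push(`${name}@${v} does not satisfy ${range}`);
  }
  return problems;
}

// Resolutions from the package.json above; both lockfile excerpts are constructed.
const pkg = { resolutions: { minimatch: "^3.0.2", lodash: "^4.17.12", "js-yaml": "^3.13.1" } };
const freshLock = `minimatch@^3.0.2, minimatch@~0.2.11:\n  version "3.0.4"\n"lodash@^4.17.12", lodash@~4.17.4:\n  version "4.17.15"\njs-yaml@^3.13.1:\n  version "3.13.1"\n`;
const staleLock = freshLock + 'lodash@~1.0.1:\n  version "1.0.2"\n';
console.log(auditResolutions(pkg, freshLock), auditResolutions(pkg, staleLock));
```

Versions with pre-release suffixes are reported as not satisfying the range, which errs on the side of flagging them for manual review.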