lodestar icon indicating copy to clipboard operation
lodestar copied to clipboard

Published 20 hours ago • verified publisher icon ChainSafe

Update outdated NPM dependencies for `lodestar-cli`

Open philknows opened this issue 2 years ago • 1 comments

This issue is to track dependencies which are outdated and fixes are available for implementation. The following lodestar-cli dependencies are outdated:

  • [ ] ini: Latest is v3.0.0 https://www.npmjs.com/package/ini
  • [ ] minimist: Latest is v1.2.6 https://www.npmjs.com/package/minimist
  • [ ] node-forge: Latest is v1.3.1 https://www.npmjs.com/package/node-forge
  • [ ] tar: Latest is v6.1.1 https://www.npmjs.com/package/tar

philknows avatar Aug 18 '22 07:08 philknows

  • ini, minimist, tar: Fixable by recreating yarn.lock
  • node-forge: Dependency of libp2p-crypto, blocked until https://github.com/ChainSafe/lodestar/pull/4427

Other old packages there because:

  • Our own dependency on "electron": "^19.0.9", @nazarhussain why not v20?
  • typedoc: to be removed with https://github.com/ChainSafe/lodestar/pull/4436

dapplion avatar Aug 18 '22 15:08 dapplion

The node-forge will be updated once @chainsafe/discv5, peer-id and libp2p is updated to latest versions.

nazarhussain avatar Sep 26 '22 15:09 nazarhussain

The ini package is deep dependency of lerna, so no need to update.

nazarhussain avatar Sep 26 '22 15:09 nazarhussain

All other critical dependencies are fixed in the PR https://github.com/ChainSafe/lodestar/pull/4597

nazarhussain avatar Sep 26 '22 15:09 nazarhussain

Still WIP.

nazarhussain avatar Sep 29 '22 12:09 nazarhussain

@nazarhussain Is there still a need to keep this specific issue open based on the comments and PRs above?

philknows avatar Feb 15 '23 23:02 philknows

We can close this issue.

nazarhussain avatar Feb 20 '23 11:02 nazarhussain