Bump websocket-extensions from 0.1.3 to 0.1.4 #8
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4. - [Release notes](https://github.com/faye/websocket-extensions-node/releases) - [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md) - [Commits](faye/websocket-extensions-node@0.1.3...0.1.4) Signed-off-by: dependabot[bot] <[email protected]>
|
So I tested this change out in my fork, and everything seemed to work fine (fork, fork website). So I wouldn't be opposed to merging the PR. However, I am not so sure what the policy should be for changing the package-lock.json file. I would assume the change would eventually be added through packages changing their dependencies in the package.json file. Regardless, it shouldn't hurt anything if you want to merge it. I'll just let @LovelySanta decide. |
|
package-lock.json is created while running |
|
My understanding of the package-lock.json file, builds a dependency graph from your package.json file. This has a side effect of locking the dependency versions in place to what was pulled in the last time you run So for example, say one of the dependencies in our package.json file had a dependency on websockets-extensions |
|
Ok, I'll test this on my system when I have time (probably in 2 weeks or so) |
|
Yeah, it should be exact same on your system. The package-lock.json file will only regenerate if you delete it and run Just saying that, because my last message was a mess to re-read. I should probably learn how to proof read. 😄 |
Bumps websocket-extensions from 0.1.3 to 0.1.4.
Changelog
Sourced from websocket-extensions's changelog.
Commits
8efd0cdBump version to 0.1.43dad4adRemove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser4a76c75Add Node versions 13 and 14 on Travis44a677aFormatting change: {...} should have spaces inside the bracesf6c50abLet npm reformat package.json2d211f3Change markdown formatting of docs.0b62083Update Travis target versions.729a465Switch license to Apache 2.0.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.