Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Node bump #223

Merged
merged 5 commits into from
Dec 12, 2022
Merged

Node bump #223

merged 5 commits into from
Dec 12, 2022

Conversation

duncdrum
Copy link
Contributor

@duncdrum duncdrum commented Dec 6, 2022
edited
Loading

close #222

bumps node to 18, lots of vulnerability fixes, more could be done, but I think this is fit for a maintenance release. Could be a major release, as we are deprecating older versions of node during build time.

P.S.: once this is merged we should check #215

@duncdrum duncdrum marked this pull request as ready for review December 6, 2022 07:27
@duncdrum duncdrum requested a review from line-o December 6, 2022 07:28
@duncdrum
Copy link
Contributor Author

@line-o mind taking a look and merging?

@line-o
Copy link
Member

line-o commented Dec 10, 2022

The version has to be 4.0.0-snapshot as the processor version must be 6.1.0 because of slf4japi version is now v2

@line-o
Copy link
Member

line-o commented Dec 10, 2022

See my open PR

@duncdrum
🐞 fix: address review
adc1c98 
bump version and exist core depdendency

BREAKING CHANGES: Bumps required exist version to development version

see #210
@duncdrum
Copy link
Contributor Author

@line-o ok I see, however, the changes to slf4japi are unrelated to the changes in this PR. The version bump should have been made with those earlier PRs.

If we bump the processor dependency now, without a published jar file, we can no longer compile monex, or create releases from the main branch. Which leaves us two options:

  • merge to main, but without a release
  • create a special release branch, reverting the slf4japi changes to cut a security release from.
  • reverting the changes on main would break ongoing tests of develop so that's not really an option.

I don't really care which way, having a security release would probably be nicest for users.

I have no idea where I can find the exist.java-api.version not sure if we're in lockstep or if it needs to change from 5.4.0

@line-o line-o merged commit c11ba05 into master Dec 12, 2022
@line-o line-o deleted the node-bump branch December 12, 2022 19:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joewiz joewiz joewiz approved these changes

@reinhapa reinhapa reinhapa approved these changes

@line-o line-o Awaiting requested review from line-o

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bump node to latest LTS version
4 participants
@duncdrum @line-o @joewiz @reinhapa