Commit
minor #2221 [Swup] For Swup's dev dependencies exclusion from our yarn.lock (Kocal)

This PR was merged into the 2.x branch.

Discussion
----------

[Swup] For Swup's dev dependencies exclusion from our yarn.lock

| Q             | A
| ------------- | ---
| Bug fix?      | yes/no
| New feature?  | yes/no <!-- please update src/**/CHANGELOG.md files -->
| Issues        | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License       | MIT

<!--
Replace this notice by a description of your feature/bugfix.
This will help reviewers and should be a good start for the documentation.

Additionally (see https://symfony.com/releases):
 - Always add tests and ensure they pass.
 - For new features, provide some code snippets to help understand usage.
 - Features and deprecations must be submitted against branch main.
 - Changelog entry should follow https://symfony.com/doc/current/contributing/code/conventions.html#writing-a-changelog-entry
 - Never break backward compatibility (see https://symfony.com/bc).
-->

While working on #2219, I've noticed we had a very old Rollup version that we do not use at all.

The issue comes from Swup v3, which ships its **building** dependencies as **prod** dependencies, which means we install `microbundle` and all its dependencies:

```
microbundle@^0.15.1:
  version "0.15.1"
  resolved "https://registry.npmjs.org/microbundle/-/microbundle-0.15.1.tgz"
  integrity sha512-aAF+nwFbkSIJGfrJk+HyzmJOq3KFaimH6OIFBU6J2DPjQeg1jXIYlIyEv81Gyisb9moUkudn+wj7zLNYMOv75Q==
  dependencies:
    "@babel/core" "^7.12.10"
    "@babel/plugin-proposal-class-properties" "7.12.1"
    "@babel/plugin-syntax-import-meta" "^7.10.4"
    "@babel/plugin-syntax-jsx" "^7.12.1"
    "@babel/plugin-transform-flow-strip-types" "^7.12.10"
    "@babel/plugin-transform-react-jsx" "^7.12.11"
    "@babel/plugin-transform-regenerator" "^7.12.1"
    "@babel/preset-env" "^7.12.11"
    "@babel/preset-flow" "^7.12.1"
    "@babel/preset-react" "^7.12.10"
    "@rollup/plugin-alias" "^3.1.1"
    "@rollup/plugin-babel" "^5.2.2"
    "@rollup/plugin-commonjs" "^17.0.0"
    "@rollup/plugin-json" "^4.1.0"
    "@rollup/plugin-node-resolve" "^11.0.1"
    "@surma/rollup-plugin-off-main-thread" "^2.2.2"
    asyncro "^3.0.0"
    autoprefixer "^10.1.0"
    babel-plugin-macros "^3.0.1"
    babel-plugin-transform-async-to-promises "^0.8.18"
    babel-plugin-transform-replace-expressions "^0.2.0"
    brotli-size "^4.0.0"
    builtin-modules "^3.1.0"
    camelcase "^6.2.0"
    escape-string-regexp "^4.0.0"
    filesize "^6.1.0"
    gzip-size "^6.0.0"
    kleur "^4.1.3"
    lodash.merge "^4.6.2"
    postcss "^8.2.1"
    pretty-bytes "^5.4.1"
    rollup "^2.35.1"
    rollup-plugin-bundle-size "^1.0.3"
    rollup-plugin-postcss "^4.0.0"
    rollup-plugin-terser "^7.0.2"
    rollup-plugin-typescript2 "^0.32.0"
    rollup-plugin-visualizer "^5.6.0"
    sade "^1.7.4"
    terser "^5.7.0"
    tiny-glob "^0.2.8"
    tslib "^2.0.3"
    typescript "^4.1.3"
```

This PR won't impact developers, it's only for our `yarn.lock` which contains a bunch of useless dependencies, and some of them are vulnerable too (listed on https://github.com/symfony/ux/security/dependabot)

Commits
-------

ae52ae5 [Swup] For Swup's dev dependencies exclusion from our yarn.lock
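To see which lockfile entries exist only because one package (here `microbundle`) is installed, the following added example reads yarn.lock v1 text and compares the reachable set with and without that package. It is not code from the commit or from the project; the function names, the `other-tool` package, the root list and the resolved versions in the sample are assumptions made for illustration.

```javascript
// Added example, not project code: reads yarn.lock v1 text (npm: aliases not handled).
const unquote = (s) => s.trim().replace(/^"|"$/g, "");
function parseYarnLock(text) {
  const entries = new Map(); // "name@range" -> { name, id: "name@version", deps }
  let current = null, inDeps = false;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) { // entry header: one or more "name@range" specs
      current = { deps: [] };
      inDeps = false;
      for (const spec of line.replace(/:\s*$/, "").split(",")) {
        current.name = unquote(spec).replace(/@[^@]*$/, "");
        entries.set(unquote(spec), current);
      }
    } else if (/^ {2}\S/.test(line)) { // two-space indent: a field of the entry
      const [key, ...rest] = line.trim().split(" ");
      inDeps = key === "dependencies:" || key === "optionalDependencies:";
      if (key === "version") current.id = `${current.name}@${unquote(rest.join(" "))}`;
    } else if (inDeps) { // four-space indent: `name "range"` under dependencies
      const m = line.trim().match(/^"?([^"\s]+)"?\s+"?([^"]+)"?$/);
      if (m) current.deps.push(`${m[1]}@${m[2]}`);
    }
  }
  return entries;
}

// Resolved packages reachable from the root specs; `skip` pretends one package is absent.
function reachable(lock, roots, skip = null) {
  const seen = new Set(), stack = [...roots];
  while (stack.length) {
    const entry = lock.get(stack.pop());
    if (!entry || entry.name === skip || seen.has(entry.id)) continue;
    seen.add(entry.id);
    stack.push(...entry.deps);
  }
  return seen;
}
// Lockfile entries that exist only because `name` gets installed.
function introducedBy(lock, roots, name) {
  const without = reachable(lock, roots, name);
  return [...reachable(lock, roots)].filter((id) => !without.has(id)).sort();
}
// Constructed sample: resolved versions, the swup entry and other-tool are illustrative.
const SAMPLE = [
  'swup@^3.0.0:\n  version "3.0.0"\n  dependencies:\n    microbundle "^0.15.1"',
  'other-tool@^1.0.0:\n  version "1.0.0"\n  dependencies:\n    kleur "^4.1.3"',
  'microbundle@^0.15.1:\n  version "0.15.1"\n  dependencies:\n    kleur "^4.1.3"\n    rollup "^2.35.1"',
  'kleur@^4.1.3:\n  version "4.1.5"', 'rollup@^2.35.1:\n  version "2.79.1"',
].join("\n\n");
console.log(introducedBy(parseYarnLock(SAMPLE), ["swup@^3.0.0", "other-tool@^1.0.0"], "microbundle"));
```

In the sample, `kleur` is not reported because another root still requires it, so only the entries that would leave the lockfile are listed.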