Skip to content

Commit

Permalink
chore: updated node-fetch version to 2.6.7 (#124)
Browse files Browse the repository at this point in the history 
* chore: updated node-fetch version to 2.6.7

* build: use node 16.x instead of 15.x
  • Loading branch information
@dlafreniere
dlafreniere committed Jan 20, 2022
1 parent efed703 commit a3b3a94
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
View file
Expand Up @@ -31,7 +31,7 @@ jobs:
strategy:
fail-fast: false
matrix:
node-version: [10.x, 12.x, 14.x, 15.x]
node-version: [10.x, 12.x, 14.x, 16.x]
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
steps:
- uses: actions/checkout@v2
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Expand Up @@ -70,7 +70,7 @@
"url": "https://github.com/lquixada/cross-fetch/issues"
},
"dependencies": {
"node-fetch": "2.6.5"
"node-fetch": "2.6.7"
},
"devDependencies": {
"@commitlint/cli": "12.0.1",
Expand Down

1 comment on commit a3b3a94

@DanielRuf
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any good reasons why the version numbers are pinned (which prevents some security and patch updates)?
Them SemVer selector ^ should be not problematic.

Besides this, if you want to pin the version of all dependencies and their dependencies, there is npm-shrinkwrap. Otherwise users would have to install with npm i cross-fetch --save-exact or similar. See also https://docs.npmjs.com/cli/v6/commands/npm-install

Please sign in to comment.