Skip to content

Commit

Permalink
[INTERNAL] Depend on single version of estraverse dependency
Browse files Browse the repository at this point in the history 
Since the "self-protection" mechanism of JSModuleAnalyzer [1] is
highly dependent on the set of possible node types provided by
estraverse, we often saw problems in consuming projects after new
releases of estraverse. We typically only notice these after the
automatic dependency update every Sunday. Our unit tests detect these
issues.

This change forces consumers to use a version of estraverse that is
supported by JSModuleAnalyzer. Version updates will only happen
through pull requests created by dependabot.

[1]: https://github.com/SAP/ui5-builder/issues/309#issuecomment-521108883
  • Loading branch information
@RandomByte
RandomByte committed Aug 6, 2020
1 parent a510920 commit 21c8678
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@
"escodegen": "^1.14.3",
"escope": "^3.6.0",
"esprima": "^4.0.1",
"estraverse": "^5.2.0",
"estraverse": "5.2.0",
"globby": "^11.0.1",
"graceful-fs": "^4.2.4",
"jsdoc": "^3.6.5",
Expand Down

0 comments on commit 21c8678

Please sign in to comment.