From e5bc4552015b71678102fd922609ef184502410c Mon Sep 17 00:00:00 2001 From: Merlin Beutlberger Date: Thu, 6 Aug 2020 19:38:13 +0200 Subject: [PATCH] [DEPENDENCY] Pin estraverse to v5.1.0 Since the "self-protection" mechanism of our JSModuleAnalyzer [1] is highly dependent on the set of possible node types provided by estraverse, we often saw problems in consuming projects after new releases of estraverse. With estraverse@5.2.0 this is yet again the case. This change forces consumers to use a version of estraverse that is supported by JSModuleAnalyzer (currently 5.1.0). Version updates will only happen through pull requests created by dependabot. [1]: https://github.com/SAP/ui5-builder/issues/309#issuecomment-521108883 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 10ebb1ce0..c1e007562 100644 --- a/package.json +++ b/package.json @@ -105,7 +105,7 @@ "escodegen": "^1.14.3", "escope": "^3.6.0", "esprima": "^4.0.1", - "estraverse": "^5.1.0", + "estraverse": "5.1.0", "globby": "^11.0.1", "graceful-fs": "^4.2.4", "jsdoc": "^3.6.5",