sparkbox/sparkle

Next Standard Version security vulnerability

zastrow opened this issue · 1 comments

Our NPM publishing process uses vidavidorra/next-standard-version, which has not been updated in almost a year. Running npm audit requires downgrading from 2.1.2 to 1.0.1, which introduces CLI breaking changes and perhaps others. The next-standard-version repo has a PR to fix this issue that was opened August 2020, so we likely need a different solution.

  1. We could look into a different tool for this task and rewrite the process as needed.
  2. We fork vidavidorra/next-standard-version and apply the dependency updates.

@zastrow see #77. Using standard-version --dry-run to manage this release flow. Should probably get input from @jordanleven on this.