Wouldn't it be good to create a 1.0.0-rc.4 branch and publish to NPM? This way we could get the security updates even if 1.0.0 is not finished yet.
is there an issue tracking the 1.0.0 release? What is left to be done?
Here it is, @jessbowers-DSS: https://github.com/cheeriojs/cheerio/projects/1
Or, it's a project =)
@matthewmueller, @fb55 or @jugglinmike ?
Made a pull request: https://github.com/cheeriojs/cheerio/pull/1499
Updated lodash to safe version and added the two working Dependabot updates too, from these PR's:
https://github.com/cheeriojs/cheerio/pull/1498
https://github.com/cheeriojs/cheerio/pull/1497
Thanks for the merging the PR @fb55! Would it be possible to push a new version to NPM too?
Btw we can try to get rid of lodash
https://github.com/cheeriojs/cheerio/pull/1500
I was thinking that just get security fixes out now, and then continue the work on final v1.0.0 without any hasty changes =)
Seems it's going to be a bit more substantial stuff added to rc.4: https://github.com/cheeriojs/cheerio/pull/1499#issuecomment-702927169, @TrySound =)
Quick update here: I just opened #1564 and #1565. I'll keep them open for a few days to allow people to review. Once they are merged, I will cut a new RC.
Published 1.0.0-rc.4!
Most helpful comment
Btw we can try to get rid of lodash
https://github.com/cheeriojs/cheerio/pull/1500