Update node-pre-gyp #219
Why is that needed?
There has been a security vulnerability with
I'm keen to see this merged too - this change fixes a nested vuln (via the bundled deps), which is causing issues filed against upstream packages (in my case, I've already had two nodemon issues raised because of npm's new audit tool).
This commit should probably keep the caret, i.e.
Is there some benefit to having outdated dependencies?
@@ -5,7 +5,7 @@ | |||
"main": "fsevents.js", | |||
"dependencies": { | |||
"nan": "^2.9.2", | |||
"node-pre-gyp": "^0.9.0" | |||
"node-pre-gyp": "0.10.0" |
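Review bot: The new "node-pre-gyp": "0.10.0" entry drops the caret that both the replaced "^0.9.0" entry and the neighbouring "nan": "^2.9.2" entry carry, so the dependency changes from a range to an exact pin and later 0.10.x patch releases will not be picked up without another manual bump. Unless the exact pin is intentional, write "^0.10.0" to keep the range style used in the rest of the dependencies block; if it is intentional, state the reason in the PR description, which is currently empty.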
Missing ^
That should have been fixed by the upgrade to node-pre-gyp@0.9.0, see discussion in #201. I don't see any upgrades to deep-extend between 0.9.0 and 0.10.0 so I doubt this fixes anything.
And the tree looks like this:
However I just noticed that Seems like I overlooked that.