fix: resolve dependency audit issue #3226
Hi @jaranin-b, thanks for this, when updating dependencies you need to make sure you run an npm install at the root of the repo so that the lock file gets updated
602ffde to e148b5e
Thanks @JamesHenry. Updated the lock file.
@jaranin-b it seems extremely unlikely that this is correct: Please revert and try again. You should simply need to run
This change looks good and matches my own investigation into this issue (I've reviewed the changelogs of git-up, git-url-parse and parse-url to see if there are any breaking changes that would affect lerna, and as far as I can tell, there are not).
Note: the package-lock still needs to be fixed.
e148b5e to 94ba123
Thanks @ThisIsMissEm @JamesHenry I've updated the lock file, which was generated using npm@8.12.1
@jaranin-b I'm sorry but you are still generating 1000s of lines of change in the lockfile which is definitely unexpected: I have recreated the change in #3231 and the change is appropriately small: In order to land this today, I am going to press ahead with #3231 but thank you very much for taking the initiative to submit this PR!
To solve dependency audit issue: https://www.npmjs.com/advisories/1080923