build(package): bump package and package-lock #1636
Thanks for opening this pull request! A contributor should be by to give feedback soon. In the meantime, please check out the contributing guidelines and explore other ways you can get involved.
tests are passing locally
Thank you Joseph :)
Thank you @gr2m ❤️
I guess this should have been a fix commit to get a release 😢
🎉 This PR is included in version 12.2.1 🎉 The release is available on: Your semantic-release bot 📦🚀
You should have been able to re-create your lock file and update dependencies get the latest version of |
Not according to dependabot or npm audit fix on release drafter:
same for ansi-regex:
Note that probot uses locked version for handlebars/hbs. No usage of |
Oh I see, thank you for the clarification
hbs depends on handlebars, which had a vulnerability of critical severity.
bumped typedocs as it was not compatible with the typescript version defined in dev dependencies.
package-lock had a version reference to ansi-regex v4.0.1 which had a vulnerability of moderate severity.