Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bump update-notifier to clear dependabot errors when installing vercel cli #8878

Closed
wants to merge 4 commits into from
Closed

bump update-notifier to clear dependabot errors when installing vercel cli #8878

wants to merge 4 commits into from

Conversation

osdiab
Copy link

@osdiab osdiab commented Nov 9, 2022
edited

Related Issues

Fixes #8877

also btw ava also was an old version that depends on the got version that has a moderate vulnerability, but bumping it causes integration tests to fail so shrug

馃搵 Checklist

Tests

  • N/A The code changed/added as part of this PR has been covered with tests
  • All tests pass locally with yarn test-unit

Code Review

  • This PR has a concise title and thorough description useful to a reviewer
  • Issue from task tracker has a link to this PR (i dont know what this means)

@osdiab osdiab marked this pull request as ready for review November 9, 2022 04:57
@osdiab osdiab changed the title bump versions of libraries that use got to clear dependabot errors bump update-notifier to clear dependabot errors Nov 9, 2022
@osdiab osdiab changed the title bump update-notifier to clear dependabot errors bump update-notifier to clear dependabot errors when installing vercel cli Nov 9, 2022
@cb1kenobi
Copy link
Contributor

Hello, thank you for the pull request! Instead of upgrading update-notifier, we have decided to replace update-notifier with a different implementation which addresses the security warnings as well as reduces the install size of the CLI. You can check it out here: #8090.

@cb1kenobi cb1kenobi closed this Nov 9, 2022
@EndangeredMassa EndangeredMassa mentioned this pull request Nov 15, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TooTallNate TooTallNate Awaiting requested review from TooTallNate TooTallNate is a code owner

@EndangeredMassa EndangeredMassa Awaiting requested review from EndangeredMassa EndangeredMassa is a code owner

@styfle styfle Awaiting requested review from styfle

@cb1kenobi cb1kenobi Awaiting requested review from cb1kenobi

@Ethan-Arrowood Ethan-Arrowood Awaiting requested review from Ethan-Arrowood

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Old update-notifier dependency creates dependabot security alert
2 participants
@osdiab @cb1kenobi