Skip to content

[8.3.x] fix(@angular-devkit/build-angular): update tree-kill dependency to 1.2.2#16634

Merged
mgechev merged 1 commit intoangular:8.3.xfrom
clydin:update-tree-kill
Jan 13, 2020
Merged

[8.3.x] fix(@angular-devkit/build-angular): update tree-kill dependency to 1.2.2#16634
mgechev merged 1 commit intoangular:8.3.xfrom
clydin:update-tree-kill

Conversation

@clydin
Copy link
Member

@clydin clydin commented Jan 10, 2020

While the CLI is not affected by the following advisory, this change will address the audit warning and prevent any potential future usage of the package within the CLI from being affected.
Advisory: https://www.npmjs.com/advisories/1432

Closes #16629

@clydin clydin changed the title fix(@angular-devkit/build-angular): update tree-kill dependency to 1.2.2 [8.3.x] fix(@angular-devkit/build-angular): update tree-kill dependency to 1.2.2 Jan 10, 2020
@clydin
fix(@angular-devkit/build-angular): update tree-kill dependency to 1.2.2
ca700a4 
While the CLI is not affected by the following advisory, this change will address the audit warning and prevent potential future usage of the package within the CLI from being affected.
Advisory: https://www.npmjs.com/advisories/1432
@alan-agius4 alan-agius4 mentioned this pull request Jan 13, 2020
Closed
@mgechev mgechev merged commit d9c3bb3 into angular:8.3.x Jan 13, 2020
@clydin clydin deleted the update-tree-kill branch January 13, 2020 17:47
@alan-agius4 alan-agius4 mentioned this pull request Jan 13, 2020
Closed
@jplatte
Copy link

jplatte commented Jan 14, 2020

Why is @ngtools/webpack using an exact version requirement in the first place?

@alan-agius4
Copy link
Collaborator

alan-agius4 commented Jan 14, 2020

We pin all transitive dependencies to avoid unexpected breakages when a 3rd party library gets a release.

So before updating a dependency we make sure that it doesn't break any of our tests.

@ahmadabulaban
Copy link

ahmadabulaban commented Jan 15, 2020

When the new tag 8.3.23 (that contain this fix) will be available ?

@Nikhilkapoor20
Copy link

Nikhilkapoor20 commented Jan 16, 2020

Any update on this ?

@kolibrizas
Copy link

kolibrizas commented Jan 16, 2020
edited
Loading

@Nikhilkapoor20 @ahmadabulaban
According to https://www.npmjs.com/package/@angular-devkit/build-angular 0.803.23 was released a few hours ago. With it tree-kill version was updated and now npm audit succeeds.

@angular-automatic-lock-bot
Copy link

angular-automatic-lock-bot bot commented Feb 16, 2020

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Feb 16, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@alan-agius4 alan-agius4 alan-agius4 approved these changes

+1 more reviewer

@paprende paprende paprende approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@clydin @jplatte @alan-agius4 @ahmadabulaban @Nikhilkapoor20 @kolibrizas @paprende @mgechev @googlebot