Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[8.3.x] fix(@angular-devkit/build-angular): update tree-kill dependency to 1.2.2 #16634

Merged
merged 1 commit into from Jan 13, 2020

Conversation

@clydin
Copy link
Member

clydin commented Jan 10, 2020

While the CLI is not affected by the following advisory, this change will address the audit warning and prevent any potential future usage of the package within the CLI from being affected.
Advisory: https://www.npmjs.com/advisories/1432

Closes #16629

@googlebot googlebot added the cla: yes label Jan 10, 2020
@clydin clydin changed the title fix(@angular-devkit/build-angular): update tree-kill dependency to 1.2.2 [8.3.x] fix(@angular-devkit/build-angular): update tree-kill dependency to 1.2.2 Jan 10, 2020
While the CLI is not affected by the following advisory, this change will address the audit warning and prevent potential future usage of the package within the CLI from being affected.
Advisory: https://www.npmjs.com/advisories/1432
@clydin clydin force-pushed the clydin:update-tree-kill branch from 4743a86 to ca700a4 Jan 10, 2020
@mgechev mgechev merged commit d9c3bb3 into angular:8.3.x Jan 13, 2020
18 of 19 checks passed
18 of 19 checks passed
ci/angular: merge status Missing required status "ci/circleci: test-large-ve", missing required status "ci/circleci: e2e-cli-ve"
ci/angular: size No size change against base branch.
ci/circleci: build Your tests passed on CircleCI!
Details
ci/circleci: build-bazel Your tests passed on CircleCI!
Details
ci/circleci: e2e-cli Your tests passed on CircleCI!
Details
ci/circleci: e2e-cli-ivy Your tests passed on CircleCI!
Details
ci/circleci: e2e-cli-ng-ivy-snapshots Your tests passed on CircleCI!
Details
ci/circleci: e2e-cli-ng-snapshots Your tests passed on CircleCI!
Details
ci/circleci: flake-jail Your tests passed on CircleCI!
Details
ci/circleci: lint Your tests passed on CircleCI!
Details
ci/circleci: setup Your tests passed on CircleCI!
Details
ci/circleci: setup-and-build-win Your tests passed on CircleCI!
Details
ci/circleci: test Your tests passed on CircleCI!
Details
ci/circleci: test-browsers Your tests passed on CircleCI!
Details
ci/circleci: test-large Your tests passed on CircleCI!
Details
ci/circleci: test-large-ivy Your tests passed on CircleCI!
Details
ci/circleci: test-win Your tests passed on CircleCI!
Details
ci/circleci: validate Your tests passed on CircleCI!
Details
cla/google All necessary CLAs are signed
@clydin clydin deleted the clydin:update-tree-kill branch Jan 13, 2020
@jplatte

This comment has been minimized.

Copy link

jplatte commented Jan 14, 2020

Why is @ngtools/webpack using an exact version requirement in the first place?

@alan-agius4

This comment has been minimized.

Copy link
Collaborator

alan-agius4 commented Jan 14, 2020

We pin all transitive dependencies to avoid unexpected breakages when a 3rd party library gets a release.

So before updating a dependency we make sure that it doesn't break any of our tests.

@ahmadabulaban

This comment has been minimized.

Copy link

ahmadabulaban commented Jan 15, 2020

When the new tag 8.3.23 (that contain this fix) will be available ?

@Nikhilkapoor20

This comment has been minimized.

Copy link

Nikhilkapoor20 commented Jan 16, 2020

Any update on this ?

@kolibrizas

This comment has been minimized.

Copy link

kolibrizas commented Jan 16, 2020

@Nikhilkapoor20 @ahmadabulaban
According to https://www.npmjs.com/package/@angular-devkit/build-angular 0.803.23 was released a few hours ago. With it tree-kill version was updated and now npm audit succeeds.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
9 participants
You can’t perform that action at this time.