Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upUpdate merge to >=1.2.1 #245
Merged
Conversation
Generate package-lock.json by 1. modifying package.json in browser-launcher to have merge dep "^1.2.1" 2. delete merge folder in node_modules 3. npm install 4. make sure we have modified packge-lock.json 5. rm entire node_modules 6. do npm install and make sure we install merge version >= 1.2.1 7. npm audit should have no errors now
|
++ |
|
good idea. unfortunately this will cause the vuln to show up again every time someone does npm install. maybe i can add this as a postinstall script. |
|
right, package-lock.json get modified again |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
darkdh commentedNov 19, 2018
•
edited
Generate package-lock.json by
^1.2.1fix #232