Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[npm] Reject audits which don't have a fix we can apply #5815

Merged
merged 1 commit into from
Sep 30, 2022
Merged

[npm] Reject audits which don't have a fix we can apply #5815

merged 1 commit into from
Sep 30, 2022

Conversation

mctofu
Copy link
Contributor

@mctofu mctofu commented Sep 30, 2022
edited

I've seen this occurring when the package-lock.json is not in sync with the package.json. In these cases the result contains fix_available: true but the fix_updates property is empty or contains dependencies with missing target versions.

@mctofu mctofu marked this pull request as ready for review September 30, 2022 16:33
@mctofu mctofu requested a review from a team as a code owner September 30, 2022 16:33
@mctofu mctofu changed the title Reject audits which don't have a fix we can apply [npm] Reject audits which don't have a fix we can apply Sep 30, 2022
@mctofu
Reject audits which don't have a fix we can apply
848c1e4 
One reason for this is when the package-lock.json is not in sync with
the package.json.
@mctofu mctofu merged commit ac305a7 into main Sep 30, 2022
@mctofu mctofu deleted the mctofu/audit-fix-incomplete branch September 30, 2022 23:01
@pavera pavera mentioned this pull request Oct 31, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeffwidman jeffwidman jeffwidman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mctofu @jeffwidman