New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backport js-yaml dependency upgrade to v0.18 #1693
Comments
Hi, @simPod , sorry for the delay. I released 0.18.1 with this fix. (btw, if you are using |
@dotansimha Hi, no worries. Thanks for reply and ur work. Meanwhile I used |
@dotansimha yea... one more thing https://www.npmjs.com/advisories/813 sorry :D It needs js-yaml Why not use |
@simPod that's the one I upgraded to: 7713bf5#diff-e8b2a1e1f04630fb5c0898905c324ab4R71 And we prefer to use pinned dependencies, makes it easier to maintain and track :) |
@dotansimha u r right, mb. Thanks! |
https://www.npmjs.com/advisories/788
js-yaml 3.12.0 is marked as vulnerable. Upgrade to 3.13.0 is required. However, gql-code-generator v0.18 requires it as
3.12.0
and not as^3.12.0
so the version is locked. Can we have v0.18.1 with dep upgrade, please?The text was updated successfully, but these errors were encountered: