-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm audit vulnerability in tar #2036
Comments
This has been fixed upstream, awaiting release. Closing as it is not a lerna issue. |
FYI here's the fix in |
There's been no activity from the npm team on npm/npm-lifecycle#34 in almost a week. @zkochan mentioned that he put together a fork of npm-lifecycle that has this fix. Is the lerna team planning to wait on npm/npm-lifecycle#34 or use https://github.com/zkochan/lifecycle in the near future? |
fixed in v2.1.1 of |
When can we expect |
`npm i -D lerna@latest`
… On May 8, 2019, at 14:55, Kousha Talebian ***@***.***> wrote:
When can we expect @lerna/run-lifecycle to bump npm-lifecycle?
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub, or mute the thread.
|
npm install results in audit errors:
this seems to emanate here: npm/npm-lifecycle#28
Expected Behavior
Current Behavior
Possible Solution
Steps to Reproduce (for bugs)
lerna.json
<!-- Please paste your `lerna.json` here -->
lerna-debug.log
Context
Your Environment
lerna --version
npm --version
yarn --version
node --version
The text was updated successfully, but these errors were encountered: