-
It seems that npm picks version up to dist-tag ”latest” automatically. I.e. semver resolution considers version with dist-tag ”latest” most recent stable to be selected if other version selection conditions are met. At the moment (October 18th 2022)
Those who have these (or one of these) in "@node-saml/node-saml": "^4.0.0-beta.3",
"@node-saml/passport-saml": "^4.0.0-beta.1", might think that they are getting fix for GHSA-m974-647v-whv7 by running If they do not pay attention to content of There are breaking changes between beta releases which could be the reason why only initial version per This post is not based on pure speculation/imagination how things could play out with current dist-tags, versions and content of package.json. PS. dunno why list both dependencies if |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
I think the best solution to this is to just release the final version. I'll care for that soon. |
Beta Was this translation helpful? Give feedback.
I think the best solution to this is to just release the final version. I'll care for that soon.