Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: @npmcli/metavuln-calculator@3.1.0 #4674

Merged
merged 1 commit into from
Apr 4, 2022

Conversation

wraithgar
Copy link
Member

  • include cwe and cvss in advisories

  * include cwe and cvss in advisories
@wraithgar wraithgar requested a review from a team as a code owner April 4, 2022 17:39
@wraithgar wraithgar added the Dependencies Pull requests that update a dependency file label Apr 4, 2022
@npm-robot
Copy link
Contributor

no statistically significant performance changes detected

timing results
app-large clean lock-only cache-only cache-only
peer-deps
modules-only no-lock no-cache no-modules no-clean no-clean
audit
npm@8 61.642 ±8.15 33.049 ±0.05 30.600 ±15.30 22.357 ±0.84 3.385 ±0.02 3.491 ±0.05 2.879 ±0.10 12.682 ±0.01 2.715 ±0.03 3.760 ±0.07
#4674 61.417 ±3.78 33.961 ±0.74 19.536 ±0.01 22.349 ±0.64 3.462 ±0.02 3.460 ±0.02 2.753 ±0.02 13.001 ±0.09 2.747 ±0.02 4.031 ±0.28
app-medium clean lock-only cache-only cache-only
peer-deps
modules-only no-lock no-cache no-modules no-clean no-clean
audit
npm@8 46.429 ±0.93 26.009 ±0.20 14.827 ±0.02 15.772 ±0.14 3.119 ±0.04 3.134 ±0.01 2.816 ±0.10 9.577 ±0.01 2.583 ±0.01 3.505 ±0.00
#4674 45.247 ±4.54 26.532 ±0.21 15.043 ±0.33 16.042 ±0.38 3.191 ±0.02 3.191 ±0.06 2.819 ±0.15 9.715 ±0.06 2.600 ±0.03 3.537 ±0.05

@wraithgar wraithgar merged commit aaf86f6 into latest Apr 4, 2022
@wraithgar wraithgar deleted the deps/metavuln-calculator-3.1.0 branch April 4, 2022 18:43
@lukekarrys lukekarrys mentioned this pull request Apr 14, 2022
@valentijnscholten
Copy link

@wraithgar @lukekarrys would it be possible to backport this to V7?

@wraithgar
Copy link
Member Author

The only breaking change between v7 and v8 was dropping support for older node versions. It is also not shipped by default in any current node version line. As such it is not being maintained. v6 is getting security updates only because it still ships with node 12 and node 14 by default.

@valentijnscholten
Copy link

Ah ok, then I just have misread the Google search results or saw old information somewhere.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants