You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ref: GHSA-9c47-m6qq-7p4h
Context: Some of our repositories are using this library as a sub-dependency.
Action: Check if we need to patch the repos and coordinate the patching priority
The text was updated successfully, but these errors were encountered:
@UlisesGascon
I'm not aware of a way to patch a transitive dependencies. Updating package-lock is useless for modules since it is excluded from the bundle published to npm. The only benefit is that it ensures everyone checking out the module has the same set of dependencies, but will not benefit anyone installing the module from npm.
I Agree @cressie176. I believe in most cases we get rid of the warning once we do the dependencies upgrade as part of the project lifecycle. @inigomarquinez is checking in case that we use it directly in any project and can affect us in a real scenario
Ref: GHSA-9c47-m6qq-7p4h
Context: Some of our repositories are using this library as a sub-dependency.
Action: Check if we need to patch the repos and coordinate the patching priority
The text was updated successfully, but these errors were encountered: