You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
GitHub sent me some security alerts related to some of the dependencies in package-lock.json. Upgrading to 0.5.0 fixed most of those, but there are still some downstream dependencies related to js-yaml that I'm not sure how to resolve. Explicitly editing package-lock.json to use js-yaml >=3.13.0 fixes this, but to my understanding that might cause other issues
Thanks for the Issue and sorry for the delayed response. Now that the prerelease branch is merged into master (#68), there are only the 4 violations as you pointed out.
The js-yaml version comes from the LWC compiler and since this package is bound to the LWC version that's currently released to production orgs, it's really up to the compiler to fix this issue and release a new version. The issue on LWC can be tracked here: salesforce/lwc#1331.
salesforce/lwc#1331 was addressed with a fix last week. Are there any plans to update this with the updated lwc dependency? Would be most appreciated if there were to silence those security alerts related to js-yaml.
We will probably release the next version of LWC and update this package after the Xmas break. In the meantime, you can always run npm install with --slient flag to get rid of the noise.
GitHub sent me some security alerts related to some of the dependencies in package-lock.json. Upgrading to 0.5.0 fixed most of those, but there are still some downstream dependencies related to js-yaml that I'm not sure how to resolve. Explicitly editing package-lock.json to use js-yaml >=3.13.0 fixes this, but to my understanding that might cause other issues
The text was updated successfully, but these errors were encountered: