🐈 JS Dependency Updates #3160

Closed
wants to merge 2 commits into from

TheBitShepherd
Contributor

No description provided.

@TheBitShepherd TheBitShepherd requested a review from a team as a code owner September 20, 2021 17:22
@TheBitShepherd
Contributor Author

TheBitShepherd commented Sep 20, 2021

@davisagli - I pinned node-fetch to mitigate this issue; however, this only fixes one of the dependabot alerts. I'm not sure how to fix the issues where one package is pinned by another transient one. Some of them are referenced by many other packages, so would we need to pin each of those to a version that doesn't use the vuln version of the dependency in question?

@davisagli
Contributor

Replaced by #3161

@davisagli davisagli closed this Sep 21, 2021
@davisagli davisagli deleted the feature/fix-dependabot-alerts branch September 21, 2021 16:24