`pnpm audit` is currently complaining about the following GitHub security advisories on the `vm2` package: GHSA-cchq-frgv-rjh5 GHSA-g644-9gfx-q4q4 We don't use `vm2` directly: it is a (very) transitive dependency of `ibm-openapi-validator` via `@orval/core`. The validator is only potentially run when we generate our Primer API bindings, and in fact, we do not even currently run the validator at all, as it doesn't like our OpenAPI spec. Therefore, this advisory isn't relevant to us at this time. Unfortunately, there is currently no way to tell `pnpm audit` to ignore GHSA advisories, only CVEs. See relevant discussion in: https://github.com/orgs/pnpm/discussions/6204 pnpm/pnpm#6838 Ironically, it seems like it may be possible to use another IBM tool to post-process the output of `pnpm audit` and ignore certain issues: https://github.com/orgs/pnpm/discussions/5229 However, until we have time to look into that, we'll just disable `pnpm audit` in order to make forward progress. Note that we are also running regular security scans via GitHub's Dependabot and Snyk, so we have good security coverage even without the `pnpm audit` step. Signed-off-by: Drew Hess <src@drewhess.com>

Commits

Commits on Aug 2, 2023

docs: Fix comment typo

feat: Add optional "inline" mode for displaying nodes

fix: Avoid anti-aliasing issues in "inline"-style nodes

chore: Formatting

Commits on Aug 3, 2023

ci: disable pnpm audit step for the time being

ci: disable `pnpm audit` step for the time being