You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Now that github has automated security warnings, a project I work on keeps getting pinged about mem and changing to mem@^4.0.0:
tracing it comes from this project, via the username dependency. My first step was to update to the latest ember-cli-cjs-transform (1.3.1), however this didn't fix it, as it was still using username ^3.0.0
I thought this was very odd, as looking at this project's package.json and yarn.lock for 1.3.1 it seems it should be username ^4.0.0
so I started to dive in more, I tried a few things (clearing yarn cache, removing yarn.lock, etc) but nothing worked. Eventually I thought maybe the yarn pkg is wrong. So I downloaded the resolved package and to my surprise it had a package.json with username ^3.0.0
I then tried a brand new project with npm only, and was surprised to see the same thing in the package-lock. This has led me to believe the currently deployed npm package for 1.3.1 is not matching the code at 1.3.1
The text was updated successfully, but these errors were encountered:
Now that github has automated security warnings, a project I work on keeps getting pinged about
memand changing tomem@^4.0.0:tracing it comes from this project, via the
usernamedependency. My first step was to update to the latest ember-cli-cjs-transform (1.3.1), however this didn't fix it, as it was still using username ^3.0.0I thought this was very odd, as looking at this project's package.json and yarn.lock for 1.3.1 it seems it should be username ^4.0.0
so I started to dive in more, I tried a few things (clearing yarn cache, removing yarn.lock, etc) but nothing worked. Eventually I thought maybe the yarn pkg is wrong. So I downloaded the resolved package and to my surprise it had a package.json with username ^3.0.0
I then tried a brand new project with npm only, and was surprised to see the same thing in the package-lock. This has led me to believe the currently deployed npm package for 1.3.1 is not matching the code at 1.3.1
The text was updated successfully, but these errors were encountered: