Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Improve npm7+ error message #2598

Merged
merged 1 commit into from
Jan 18, 2022
Merged

feat: Improve npm7+ error message #2598

merged 1 commit into from
Jan 18, 2022

Conversation

robcresswell
Copy link
Contributor

This patch bumps the nodejs-lockfile-parser to 1.38.0, improving the error message shown when a dependency is missing from the lockfile

https://github.com/snyk/nodejs-lockfile-parser/releases/tag/v1.38.0

@robcresswell
feat: Improve npm7+ error message
92a5bd8 
This patch bumps the `nodejs-lockfile-parser` to `1.38.0`, improving the
error message shown when a dependency is missing from the lockfile

https://github.com/snyk/nodejs-lockfile-parser/releases/tag/v1.38.0
@robcresswell robcresswell requested a review from a team as a code owner January 18, 2022 16:47
ghost
ghost suggested changes Jan 18, 2022
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

package-lock.json change looks a bit odd. Too many additions for what should just be a version bump. 🤔

Did you run npm ci before npm update snyk-nodejs-lockfile-parser@1.38.0? Might be junk from a stale node_modules.

@robcresswell
Copy link
Contributor Author

@jahed-snyk I did, yeah. I believe its churning because the docker plugin also depends on the lockfile parser at a different version

npm ls snyk-nodejs-lockfile-parser

snyk@1.0.0-monorepo /Users/robcresswell/snyk/snyk
├─┬ snyk-docker-plugin@4.33.0
│ └── snyk-nodejs-lockfile-parser@1.37.2
├── snyk-nodejs-lockfile-parser@1.38.0
└─┬ snyk@1.0.0-monorepo -> ./
  └── snyk-nodejs-lockfile-parser@1.38.0 deduped

@robcresswell robcresswell requested a review from a user January 18, 2022 17:08
@ghost
Copy link

ghost commented Jan 18, 2022

@robcresswell Makes sense. I'm wondering if it's worth offering docker plugin a similar bump before upgrading Snyk CLI so that scanning behaviour is in sync. What do you think?

@robcresswell
Copy link
Contributor Author

I'd rather do them separately to be honest; the only change is a resulting error message, and I'm reluctant to gate one customers fix behind an entirely separate teams review

@robcresswell robcresswell merged commit 7dea4df into master Jan 18, 2022
@robcresswell robcresswell deleted the feat/improve-npm7+-err-msg branch January 18, 2022 17:10
@snyk-bot snyk-bot mentioned this pull request Jun 14, 2022
Open
@EitanGayor EitanGayor mentioned this pull request Jun 16, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Jun 22, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@robcresswell