Bug #16052
closedupdate serialize-javascript and js-yaml packages
Updated by Lucas Di Pentima almost 5 years ago
- Status changed from New to In Progress
Updated by Lucas Di Pentima almost 5 years ago
Updates at commit 84ef70b - branch 16052-update-packages
By using yarn audit
I was able to understand better how the different modules are requested. There're indirect dependencies that require special treatment via a resolutions
key on package.json
file. See: https://yarnpkg.com/lang/en/docs/selective-version-resolutions/
Updated by Peter Amstutz almost 5 years ago
Lucas Di Pentima wrote:
Updates at commit 84ef70b - branch
16052-update-packages
By using
yarn audit
I was able to understand better how the different modules are requested. There're indirect dependencies that require special treatment via aresolutions
key onpackage.json
file. See: https://yarnpkg.com/lang/en/docs/selective-version-resolutions/
This LGTM.
Would it make sense to add yarn audit
to our build pipeline somewhere?
Updated by Lucas Di Pentima almost 5 years ago
Peter Amstutz wrote:
Would it make sense to add
yarn audit
to our build pipeline somewhere?
Maybe we can add it as part of the test pipeline. For example checking its errorlevel is >= 8 would fail when issues with priority high or worse are detected: https://legacy.yarnpkg.com/lang/en/docs/cli/audit/#toc-yarn-audit
Updated by Anonymous almost 5 years ago
- Status changed from In Progress to Resolved
Applied in changeset arvados-workbench-2:arvados-workbench2|20844fff7469abc3caaf0e14c05741e0acc62611.