@evocateur Would it be possible to release a new 3.13.5 with this change? lerna is raising a security alert in npm audit (details) due to the transitive dependency with tar<4.4.2 in lerna 3.13.4. Thank you.
This change has literally no effect on the version of tar that npm-lifecycle's dependency of node-gyp's dependency on tar resolves to. Lerna's direct dependency on tar has always been 4.x, and the transitive tar 2.x is never in fact invoked, as Lerna's usage of npm-lifecycle never invokes any code path where the transitive node-gyp might be employed. There is literally nothing Lerna can do to "fix" this.
On May 3, 2019, at 02:07, Guido García ***@***.***> wrote:
@evocateur Would it be possible to release a new 3.13.5 with this change? lerna is raising a security alert in npm audit (details) due to the transitive dependency with tar<4.4.2 in lerna 3.13.4. Thank you.
8b7cdc0
Understood. Thanks, Daniel.
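The situation discussed in this thread, a top-level tar 4.x alongside an older tar nested under node-gyp, can be seen directly in a lockfile. The following is an added example, not code from Lerna or from the commenters: it walks an npm v1 lockfile tree and lists every installed copy of a package, flagging copies below a minimum version. The function names and the sample lockfile (including its version numbers) are constructed for illustration.

```javascript
// Added example: list every installed copy of a package in an npm v1
// lockfile tree and flag the copies older than a minimum version.

// Compare two plain x.y.z versions; returns <0, 0 or >0.
// Pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk lock.dependencies recursively. In lockfile v1 a nested "dependencies"
// object means the package is installed under its parent's node_modules.
function findCopies(lock, name, minVersion) {
  const found = [];
  const walk = (deps, trail) => {
    for (const [pkg, info] of Object.entries(deps || {})) {
      const here = trail.concat(pkg);
      if (pkg === name) {
        found.push({
          path: here.join(' > '),
          version: info.version,
          belowMinimum: compareVersions(info.version, minVersion) < 0,
        });
      }
      walk(info.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return found;
}

// Constructed sample lockfile (versions are illustrative, not taken from Lerna).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    tar: { version: '4.4.8' },
    'npm-lifecycle': { version: '2.1.0', requires: { 'node-gyp': '^3.8.0' } },
    'node-gyp': {
      version: '3.8.0',
      requires: { tar: '^2.0.0' },
      dependencies: { tar: { version: '2.2.1' } },
    },
  },
};

console.log(findCopies(sampleLock, 'tar', '4.4.2'));
```

This reports install locations only. Whether a flagged copy is ever executed, which is the point made in the reply above, has to be established by looking at the code paths that reach it.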