Skip to content

Update dependencies: tar and ansi-regex #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 3, 2021
Merged

Update dependencies: tar and ansi-regex #38

merged 1 commit into from
Nov 3, 2021

Conversation

edhzsz
Copy link
Contributor

@edhzsz edhzsz commented Oct 20, 2021

Description of changes:

These current versions of these dependencies have reports of
vulnerabilities. Both are transient development dependencies
and are used only during transpiling the Typescript files, or during
linting.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@edhzsz
Update dependencies: tar and ansi-regex
150e9be 
These current versions of these dependencies have reports of
vulnerabilities. Both are transient development dependencies
and are used only during transpiling the Typescript files, or during
linting.
krk
krk reviewed Oct 20, 2021
View reviewed changes
package-lock.json
"requires": true,
"packages": {
"": {
"name": "aws-lambda-ric",
"version": "1.1.0",
"version": "2.0.0",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this an expected change?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, 2.0.0 is the current version of this library.

package-lock.json
@@ -7506,6 +7624,14 @@
"minipass": "^3.1.1"
}
},
"string_decoder": {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a new dependency, expected?

Copy link
Contributor Author

@edhzsz edhzsz Oct 20, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a new dependency. This package depends on it already.

It is unexpected that shows as new dependency, but the lockfileVersion changed so I assume this is the result of it.

@carlzogh carlzogh merged commit c31c41f into aws:main Nov 3, 2021
@andclt andclt mentioned this pull request May 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@krk krk krk approved these changes

@carlzogh carlzogh carlzogh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@edhzsz @krk @carlzogh