Bug #16052
closed
update serialize-javascript and js-yaml packages
Updated by Lucas Di Pentima about 6 years ago
- Status changed from New to In Progress
Updated by Lucas Di Pentima about 6 years ago
Updates at commit 84ef70b - branch 16052-update-packages
By using yarn audit I was able to understand better how the different modules are requested. There're indirect dependencies that require special treatment via a resolutions key on package.json file. See: https://yarnpkg.com/lang/en/docs/selective-version-resolutions/
Updated by Peter Amstutz about 6 years ago
Lucas Di Pentima wrote:
Updates at commit 84ef70b - branch 16052-update-packages
By using yarn audit I was able to understand better how the different modules are requested. There're indirect dependencies that require special treatment via a resolutions key on package.json file. See: https://yarnpkg.com/lang/en/docs/selective-version-resolutions/
This LGTM.
Would it make sense to add yarn audit to our build pipeline somewhere?
Updated by Lucas Di Pentima about 6 years ago
Peter Amstutz wrote:
Would it make sense to add yarn audit to our build pipeline somewhere?
Maybe we can add it as part of the test pipeline. For example, checking its errorlevel is >= 8 would fail when issues with priority high or worse are detected: https://legacy.yarnpkg.com/lang/en/docs/cli/audit/#toc-yarn-audit
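Added example (not part of the original thread or of the project's build scripts): Yarn v1 returns the yarn audit result as a bit-mask exit status (1 info, 2 low, 4 moderate, 8 high, 16 critical), so the pipeline check discussed above can be written as a small shell gate. The function names and the run_audit_gate entry point are hypothetical.

```shell
#!/bin/sh
# Added example: gate a CI step on the exit status of `yarn audit` (Yarn v1).
# Yarn v1 documents the status as a bit mask of the severities found:
#   1 = info, 2 = low, 4 = moderate, 8 = high, 16 = critical

# Print the severities encoded in an exit status, space separated.
audit_severities() {
    code=$1
    out=""
    for pair in 1:info 2:low 4:moderate 8:high 16:critical; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $(( $code & $bit )) -ne 0 ]; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "${out:-none}"
}

# Return 0 (pass) unless a severity at or above the threshold bit is present.
# The default threshold 8 means "high or critical", the same set as status >= 8.
audit_gate() {
    code=$1
    threshold=${2:-8}
    mask=0
    for bit in 1 2 4 8 16; do
        if [ "$bit" -ge "$threshold" ]; then
            mask=$(( $mask | $bit ))
        fi
    done
    [ $(( $code & $mask )) -eq 0 ]
}

# Hypothetical pipeline entry point: run the audit and apply the gate.
# Not called here, so the file can be sourced without yarn installed.
run_audit_gate() {
    status=0
    yarn audit || status=$?
    echo "yarn audit status $status: $(audit_severities "$status")"
    audit_gate "$status" "${1:-8}"
}
```

In a test stage, run_audit_gate fails the step only for high or critical advisories; run_audit_gate 4 would also fail on moderate ones.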
Updated by Anonymous about 6 years ago
- Status changed from In Progress to Resolved
Applied in changeset arvados-workbench-2:arvados-workbench2|20844fff7469abc3caaf0e14c05741e0acc62611.