Arvados

Updates at commit 84ef70b - branch 16052-update-packages

By using yarn audit I was able to understand better how the different modules are requested. There're indirect dependencies that require special treatment via a resolutions key on package.json file. See: https://yarnpkg.com/lang/en/docs/selective-version-resolutions/

Lucas Di Pentima wrote:

Updates at commit 84ef70b - branch 16052-update-packages

By using yarn audit I was able to understand better how the different modules are requested. There're indirect dependencies that require special treatment via a resolutions key on package.json file. See: https://yarnpkg.com/lang/en/docs/selective-version-resolutions/

This LGTM.

Would it make sense to add yarn audit to our build pipeline somewhere?

Peter Amstutz wrote:

Would it make sense to add yarn audit to our build pipeline somewhere?

Maybe we can add it as part of the test pipeline. For example checking its errorlevel is >= 8 would fail when issues with priority high or worse are detected: https://legacy.yarnpkg.com/lang/en/docs/cli/audit/#toc-yarn-audit