Comments (6)
The information is wrong, it was fixed in the 1.0.1 release.
I've asked on the npm forum on how to get that report fixed: https://npm.community/t/how-to-report-fixed-vulnerability/2943.
from merge-options.
The report got updated, you shouldn't get this warning anymore.
from merge-options.
I assume the problem then is that webpack-command
lists the dependency as "merge-options": "^1.0.0",
. Sure it updates to 1.0.1
as so as anyone does npm i
, but 1.0.0
is stil listed in package.json
.
from merge-options.
I don't get any warnings:
$ npm install webpack-command
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN [email protected] requires a peer of webpack@^4.4.0 but none is installed. You must install peer dependencies yourself.
npm WARN @webpack-contrib/[email protected] requires a peer of webpack@^3.0.0 || ^4.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @webpack-contrib/[email protected] requires a peer of webpack@^4.3.0 but none is installed. You must install peer dependencies yourself.
npm WARN webpackcommand No description
npm WARN webpackcommand No repository field.
npm WARN webpackcommand No license field.
+ [email protected]
added 206 packages from 115 contributors and audited 482 packages in 10.655s
found 0 vulnerabilities
from merge-options.
Let me check my package-lock.json
then. Hmm, I cannot reproduce the issue any more. Closing.
from merge-options.
👍 @vmx many thanks for looking into this.
from merge-options.
Related Issues (15)
- Is this different in results than lodash.merge? HOT 1
- CVE HOT 1
- [Request] Keep first param reactive like Object.assign HOT 1
- undefined values are merged HOT 4
- Can a stable release be published? HOT 1
- TypeScript is not supported HOT 5
- node 12 support? HOT 2
- cjs/esm support breaks IntelliSense of VSCode HOT 1
- Rollup complains
- Breaking in webpack when ignore node_modules HOT 9
- Fails to build on create-react-app: Publish ES5 to NPM HOT 6
- [production build] Unexpected token: operator (>) [scripts/main_d82bc1a8.js:7487,44] HOT 1
- Snyk vulnerability report HOT 3
- Consideration for Alternate Array Handling HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from merge-options.