Comments (6)
vmx
commented on July 23, 2024
The information is wrong, it was fixed in the 1.0.1 release.
I've asked on the npm forum on how to get that report fixed: https://npm.community/t/how-to-report-fixed-vulnerability/2943.
from merge-options.
vmx
commented on July 23, 2024
The report got updated, you shouldn't get this warning anymore.
from merge-options.
franktopel
commented on July 23, 2024
I assume the problem then is that webpack-command lists the dependency as "merge-options": "^1.0.0",. Sure it updates to 1.0.1 as so as anyone does npm i, but 1.0.0 is stil listed in package.json.
from merge-options.
vmx
commented on July 23, 2024
I don't get any warnings:
$ npm install webpack-command
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN [email protected] requires a peer of webpack@^4.4.0 but none is installed. You must install peer dependencies yourself.
npm WARN @webpack-contrib/[email protected] requires a peer of webpack@^3.0.0 || ^4.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @webpack-contrib/[email protected] requires a peer of webpack@^4.3.0 but none is installed. You must install peer dependencies yourself.
npm WARN webpackcommand No description
npm WARN webpackcommand No repository field.
npm WARN webpackcommand No license field.
+ [email protected]
added 206 packages from 115 contributors and audited 482 packages in 10.655s
found 0 vulnerabilitiesfrom merge-options.
franktopel
commented on July 23, 2024
Let me check my package-lock.json then. Hmm, I cannot reproduce the issue any more. Closing.
from merge-options.
schnittstabil
commented on July 23, 2024
👍 @vmx many thanks for looking into this.
from merge-options.
Related Issues (15)
- Is this different in results than lodash.merge? HOT 1
- CVE HOT 1
- [Request] Keep first param reactive like Object.assign HOT 1
- undefined values are merged HOT 4
- Can a stable release be published? HOT 1
- TypeScript is not supported HOT 5
- node 12 support? HOT 2
- cjs/esm support breaks IntelliSense of VSCode HOT 1
- Rollup complains
- Breaking in webpack when ignore node_modules HOT 9
- Fails to build on create-react-app: Publish ES5 to NPM HOT 6
- [production build] Unexpected token: operator (>) [scripts/main_d82bc1a8.js:7487,44] HOT 1
- Snyk vulnerability report HOT 3
- Consideration for Alternate Array Handling HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from merge-options.