@npmcli/arborist 6.1.4 → 6.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/arborist/build-ideal-tree.js +5 -3
- package/lib/vuln.js +3 -0
- package/package.json +9 -9
|
@@ -619,14 +619,16 @@ module.exports = cls => class IdealTreeBuilder extends cls {
|
|
|
619
619
|
continue
|
|
620
620
|
}
|
|
621
621
|
|
|
622
|
-
|
|
622
|
+
// name may be different if parent fixes the dep
|
|
623
|
+
// see Vuln fixAvailable setter
|
|
624
|
+
const { isSemVerMajor, version, name: fixName } = fixAvailable
|
|
623
625
|
const breakingMessage = isSemVerMajor
|
|
624
626
|
? 'a SemVer major change'
|
|
625
627
|
: 'outside your stated dependency range'
|
|
626
|
-
log.warn('audit', `Updating ${
|
|
628
|
+
log.warn('audit', `Updating ${fixName} to ${version}, ` +
|
|
627
629
|
`which is ${breakingMessage}.`)
|
|
628
630
|
|
|
629
|
-
await this[_add](node, { add: [`${
|
|
631
|
+
await this[_add](node, { add: [`${fixName}@${version}`] })
|
|
630
632
|
nodesTouched.add(node)
|
|
631
633
|
}
|
|
632
634
|
}
|
package/lib/vuln.js
CHANGED
|
@@ -65,6 +65,9 @@ class Vuln {
|
|
|
65
65
|
// - {name, version, isSemVerMajor} fix requires -f, is semver major
|
|
66
66
|
// - {name, version} fix requires -f, not semver major
|
|
67
67
|
// - true: fix does not require -f
|
|
68
|
+
// TODO: duped entries may require different fixes but the current
|
|
69
|
+
// structure does not support this, so the case were a top level fix
|
|
70
|
+
// corrects a duped entry may mean you have to run fix more than once
|
|
68
71
|
for (const v of this.via) {
|
|
69
72
|
// don't blow up on loops
|
|
70
73
|
if (v.fixAvailable === f) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@npmcli/arborist",
|
|
3
|
-
"version": "6.1.
|
|
3
|
+
"version": "6.1.5",
|
|
4
4
|
"description": "Manage node_modules trees",
|
|
5
5
|
"dependencies": {
|
|
6
6
|
"@isaacs/string-locale-compare": "^1.1.0",
|
|
@@ -14,32 +14,32 @@
|
|
|
14
14
|
"@npmcli/query": "^3.0.0",
|
|
15
15
|
"@npmcli/run-script": "^6.0.0",
|
|
16
16
|
"bin-links": "^4.0.1",
|
|
17
|
-
"cacache": "^17.0.
|
|
17
|
+
"cacache": "^17.0.3",
|
|
18
18
|
"common-ancestor-path": "^1.0.1",
|
|
19
19
|
"hosted-git-info": "^6.1.1",
|
|
20
20
|
"json-parse-even-better-errors": "^3.0.0",
|
|
21
21
|
"json-stringify-nice": "^1.1.4",
|
|
22
|
-
"minimatch": "^5.1.
|
|
22
|
+
"minimatch": "^5.1.1",
|
|
23
23
|
"nopt": "^7.0.0",
|
|
24
24
|
"npm-install-checks": "^6.0.0",
|
|
25
|
-
"npm-package-arg": "^10.
|
|
25
|
+
"npm-package-arg": "^10.1.0",
|
|
26
26
|
"npm-pick-manifest": "^8.0.1",
|
|
27
|
-
"npm-registry-fetch": "^14.0.
|
|
27
|
+
"npm-registry-fetch": "^14.0.3",
|
|
28
28
|
"npmlog": "^7.0.1",
|
|
29
|
-
"pacote": "^15.0.
|
|
29
|
+
"pacote": "^15.0.7",
|
|
30
30
|
"parse-conflict-json": "^3.0.0",
|
|
31
31
|
"proc-log": "^3.0.0",
|
|
32
32
|
"promise-all-reject-late": "^1.0.0",
|
|
33
33
|
"promise-call-limit": "^1.0.1",
|
|
34
34
|
"read-package-json-fast": "^3.0.1",
|
|
35
35
|
"semver": "^7.3.7",
|
|
36
|
-
"ssri": "^10.0.
|
|
36
|
+
"ssri": "^10.0.1",
|
|
37
37
|
"treeverse": "^3.0.0",
|
|
38
38
|
"walk-up-path": "^1.0.0"
|
|
39
39
|
},
|
|
40
40
|
"devDependencies": {
|
|
41
41
|
"@npmcli/eslint-config": "^4.0.0",
|
|
42
|
-
"@npmcli/template-oss": "4.
|
|
42
|
+
"@npmcli/template-oss": "4.11.0",
|
|
43
43
|
"benchmark": "^2.1.4",
|
|
44
44
|
"chalk": "^4.1.0",
|
|
45
45
|
"minify-registry-metadata": "^2.1.0",
|
|
@@ -101,7 +101,7 @@
|
|
|
101
101
|
},
|
|
102
102
|
"templateOSS": {
|
|
103
103
|
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
|
|
104
|
-
"version": "4.
|
|
104
|
+
"version": "4.11.0",
|
|
105
105
|
"content": "../../scripts/template-oss/index.js"
|
|
106
106
|
}
|
|
107
107
|
}
|