@npmcli/arborist - npm Package Compare versions

Comparing version 6.1.4 to 6.1.5

lib/arborist/build-ideal-tree.js

@@ -622,10 +622,12 @@ // mixin implementing the buildIdealTree method
 
-          const { isSemVerMajor, version } = fixAvailable
+          // name may be different if parent fixes the dep
+          // see Vuln fixAvailable setter
+          const { isSemVerMajor, version, name: fixName } = fixAvailable
           const breakingMessage = isSemVerMajor
             ? 'a SemVer major change'
             : 'outside your stated dependency range'
-          log.warn('audit', `Updating ${name} to ${version}, ` +
+          log.warn('audit', `Updating ${fixName} to ${version}, ` +
             `which is ${breakingMessage}.`)
 
-          await this[_add](node, { add: [`${name}@${version}`] })
+          await this[_add](node, { add: [`${fixName}@${version}`] })
           nodesTouched.add(node)
@@ -632,0 +634,0 @@ }

lib/vuln.js

@@ -68,2 +68,5 @@ // An object representing a vulnerability either as the result of an
     // - true: fix does not require -f
+    // TODO: duped entries may require different fixes but the current
+    // structure does not support this, so the case were a top level fix
+    // corrects a duped entry may mean you have to run fix more than once
     for (const v of this.via) {
@@ -70,0 +73,0 @@ // don't blow up on loops

package.json

 {
   "name": "@npmcli/arborist",
-  "version": "6.1.4",
+  "version": "6.1.5",
   "description": "Manage node_modules trees",
@@ -17,3 +17,3 @@ "dependencies": {
     "bin-links": "^4.0.1",
-    "cacache": "^17.0.2",
+    "cacache": "^17.0.3",
     "common-ancestor-path": "^1.0.1",
@@ -23,10 +23,10 @@ "hosted-git-info": "^6.1.1",
     "json-stringify-nice": "^1.1.4",
-    "minimatch": "^5.1.0",
+    "minimatch": "^5.1.1",
     "nopt": "^7.0.0",
     "npm-install-checks": "^6.0.0",
-    "npm-package-arg": "^10.0.0",
+    "npm-package-arg": "^10.1.0",
     "npm-pick-manifest": "^8.0.1",
-    "npm-registry-fetch": "^14.0.2",
+    "npm-registry-fetch": "^14.0.3",
     "npmlog": "^7.0.1",
-    "pacote": "^15.0.2",
+    "pacote": "^15.0.7",
     "parse-conflict-json": "^3.0.0",
@@ -38,3 +38,3 @@ "proc-log": "^3.0.0",
     "semver": "^7.3.7",
-    "ssri": "^10.0.0",
+    "ssri": "^10.0.1",
     "treeverse": "^3.0.0",
@@ -45,3 +45,3 @@ "walk-up-path": "^1.0.0"
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.10.0",
+    "@npmcli/template-oss": "4.11.0",
     "benchmark": "^2.1.4",
@@ -108,5 +108,5 @@ "chalk": "^4.1.0",
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.10.0",
+    "version": "4.11.0",
     "content": "../../scripts/template-oss/index.js"
   }
 }

No alert changes

Improved metrics

Total package byte prevSize

444318

increased by0.08%

Lines of code

11698

increased by0.04%

Dependency changes

• Updatedcacache@^17.0.3

• Updatedminimatch@^5.1.1

• Updatednpm-package-arg@^10.1.0

• Updatednpm-registry-fetch@^14.0.3

• Updatedpacote@^15.0.7

• Updatedssri@^10.0.1