@npmcli/arborist
Advanced tools
Comparing version 6.1.4 to 6.1.5
@@ -622,10 +622,12 @@ // mixin implementing the buildIdealTree method | ||
const { isSemVerMajor, version } = fixAvailable | ||
// name may be different if parent fixes the dep | ||
// see Vuln fixAvailable setter | ||
const { isSemVerMajor, version, name: fixName } = fixAvailable | ||
const breakingMessage = isSemVerMajor | ||
? 'a SemVer major change' | ||
: 'outside your stated dependency range' | ||
log.warn('audit', `Updating ${name} to ${version}, ` + | ||
log.warn('audit', `Updating ${fixName} to ${version}, ` + | ||
`which is ${breakingMessage}.`) | ||
await this[_add](node, { add: [`${name}@${version}`] }) | ||
await this[_add](node, { add: [`${fixName}@${version}`] }) | ||
nodesTouched.add(node) | ||
@@ -632,0 +634,0 @@ } |
@@ -68,2 +68,5 @@ // An object representing a vulnerability either as the result of an | ||
// - true: fix does not require -f | ||
// TODO: duped entries may require different fixes but the current | ||
// structure does not support this, so the case were a top level fix | ||
// corrects a duped entry may mean you have to run fix more than once | ||
for (const v of this.via) { | ||
@@ -70,0 +73,0 @@ // don't blow up on loops |
{ | ||
"name": "@npmcli/arborist", | ||
"version": "6.1.4", | ||
"version": "6.1.5", | ||
"description": "Manage node_modules trees", | ||
@@ -17,3 +17,3 @@ "dependencies": { | ||
"bin-links": "^4.0.1", | ||
"cacache": "^17.0.2", | ||
"cacache": "^17.0.3", | ||
"common-ancestor-path": "^1.0.1", | ||
@@ -23,10 +23,10 @@ "hosted-git-info": "^6.1.1", | ||
"json-stringify-nice": "^1.1.4", | ||
"minimatch": "^5.1.0", | ||
"minimatch": "^5.1.1", | ||
"nopt": "^7.0.0", | ||
"npm-install-checks": "^6.0.0", | ||
"npm-package-arg": "^10.0.0", | ||
"npm-package-arg": "^10.1.0", | ||
"npm-pick-manifest": "^8.0.1", | ||
"npm-registry-fetch": "^14.0.2", | ||
"npm-registry-fetch": "^14.0.3", | ||
"npmlog": "^7.0.1", | ||
"pacote": "^15.0.2", | ||
"pacote": "^15.0.7", | ||
"parse-conflict-json": "^3.0.0", | ||
@@ -38,3 +38,3 @@ "proc-log": "^3.0.0", | ||
"semver": "^7.3.7", | ||
"ssri": "^10.0.0", | ||
"ssri": "^10.0.1", | ||
"treeverse": "^3.0.0", | ||
@@ -45,3 +45,3 @@ "walk-up-path": "^1.0.0" | ||
"@npmcli/eslint-config": "^4.0.0", | ||
"@npmcli/template-oss": "4.10.0", | ||
"@npmcli/template-oss": "4.11.0", | ||
"benchmark": "^2.1.4", | ||
@@ -108,5 +108,5 @@ "chalk": "^4.1.0", | ||
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", | ||
"version": "4.10.0", | ||
"version": "4.11.0", | ||
"content": "../../scripts/template-oss/index.js" | ||
} | ||
} |
444318
11698
Updatedcacache@^17.0.3
Updatedminimatch@^5.1.1
Updatednpm-package-arg@^10.1.0
Updatednpm-registry-fetch@^14.0.3
Updatedpacote@^15.0.7
Updatedssri@^10.0.1