andrew-ignatiev

Is it possible to prioritize fixing of this vulnerability as it impacts negatively on cybersecurity report and business?

If anyone else experience the same issue, it can be resolved as follow: - cd /tmp && wget https://nodejs.org/download/release/v16.13.2/node-v16.13.2-headers.tar.gz - npm config set tarball /tmp/node-v16.13.2-headers.tar.gz - npm ci

@C5H8NNaO4 try this https://github.com/serverless-heaven/serverless-webpack/issues/1218#issuecomment-1269723395

@vicary it's not ideal to use [package.patterns](https://www.serverless.com/framework/docs/providers/aws/guide/packaging) especially when dependencies have a lot of peerDependencies. No one want to review manually peerDependencies in a large number of their lambda functions....

But it doesn't work by some reason. In my example the TypeORM version 3 started to be packaged with **ts-node** and **typescript** in **node_modules** and command **npm list typescript** says...

@j0k3r in unzipped lambda folder I see the next npm list outputs: **npm list ts-node** └─┬ [email protected] └── **[email protected]** **npm list typescript** └─┬ [email protected] └─┬ [email protected] └── **[email protected]** I have...

@j0k3r @vicary I've created minimal reproducible repo. Could you please check? * `git clone https://github.com/andrew-ignatiev/serverless-typeorm` * `cd serverless-typeorm` * `nvm use 14` * `npm ci` * `npm run sls:package --...

@j0k3r @vicary I've created extra branch with TypeORM v2 `typeorm-2`. The `main` branch has TypeORM v3. You can check that in `typeorm-2` the size of http-v1.zip is 13 Mb vs...

Temporary workaround for short term in **serverless.yml**: ``` .... plugins: - serverless-webpack ... - serverless-scriptable-plugin ... scriptable: # add custom hooks hooks: after:package:createDeploymentArtifacts: 'find ./.serverless -name "*.zip" -exec zip --delete...

Hey @finnmich, do you know when new version which includes this fix will be published to npm ?