
upgrade path-parse explicitly

Open jmhodges opened this issue 3 years ago • 2 comments

Any other change to packages.json adds a downgrade (for some reason) to path-parse 1.0.6 to the packages-lock.json. That's not ideal and, on top of that, 1.0.6 has a vulnerability in it. https://github.com/advisories/GHSA-hj48-42vr-x3v9

To prevent that from happening, we upgrade to 1.0.7 explicitly in the lockfile.

jmhodges, Jan 01 '22 00:01

This downgrade seems to happen anytime you run npm install at all.

jmhodges, Jan 01 '22 00:01
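
The regression described in the two posts above (an `npm install` writing path-parse 1.0.6 back into the lockfile) can be caught with a lockfile check. This is an added example, not part of the pull request or the vscode-bazel code; the function names and the sample lockfile are constructed for illustration, and it covers both the nested `dependencies` layout and the flat `packages` layout of package-lock.json.

```javascript
const PKG = 'path-parse';
const FIXED = '1.0.7'; // version the PR pins in the lockfile

// Compare plain x.y.z versions numerically; returns <0, 0 or >0.
function cmpVersion(a, b) {
  const pa = a.split('.').map((s) => parseInt(s, 10));
  const pb = b.split('.').map((s) => parseInt(s, 10));
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Takes a parsed package-lock.json; returns [{ path, version }] for old copies.
function findOldPathParse(lock) {
  const hits = new Map(); // keyed by install path, so v2 lockfiles are not double-counted
  const record = (path, version) => {
    if (typeof version === 'string' && cmpVersion(version, FIXED) < 0) hits.set(path, version);
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
      record(path, entry.version);
    }
  }
  // lockfileVersion 1/2: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PKG) record(path, entry.version);
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return [...hits].map(([path, version]) => ({ path, version }));
}

// Constructed sample: top-level copy downgraded, nested copy already fixed.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/path-parse': { version: '1.0.6' },
    'node_modules/resolve/node_modules/path-parse': { version: '1.0.7' },
  },
  dependencies: {
    'path-parse': { version: '1.0.6' },
    resolve: { version: '1.20.0', dependencies: { 'path-parse': { version: '1.0.7' } } },
  },
};
console.log(findOldPathParse(sampleLock));
```

In CI, pass the function the result of `JSON.parse` on the repository's lockfile and fail the job when the returned array is non-empty.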

Oh, I've also had to include #258 in order to get the CI past the pbjs and pbts permission problems.

jmhodges, Jan 01 '22 01:01