Comments (3)
first of all, for security related concerns, please follow our security policy in the future.
> npm needs to be updated to a higher version

you can already make this update in your project with no change to this project since we depend on npm as a range, rather than as a specific version. this is also one of the reasons we recommend installing and running with npx rather than capturing semantic-release as a dependency in your project. in your case, your lockfile is resulting in pulling an old version when there is already a fix available for this concern.
since this is already solvable without us releasing an update, I'm going to close this with the recommendation to update your lockfile or to switch to using npx instead.
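The situation described in the comment above (a dependency declared as a range while the lockfile still holds an older resolution) can be checked mechanically. This is an added example, not part of the original thread or the project's code; `MIN_FIXED`, the sample lockfile contents and the function names are constructed assumptions.

```javascript
// Added example. MIN_FIXED is a placeholder: substitute the first patched
// npm release named in the advisory you are tracking.
const MIN_FIXED = "1.4.1";

// Constructed package-lock.json excerpt (lockfileVersion 3 "packages" layout).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { devDependencies: { "semantic-release": "^1.0.0" } },
    "node_modules/@semantic-release/npm": {
      version: "1.0.0",
      dependencies: { npm: "^1.0.0" }, // declared as a range, not a pin
    },
    "node_modules/@semantic-release/npm/node_modules/npm": { version: "1.2.0" },
  },
};

// Compare plain x.y.z versions numerically; prerelease/build tags are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Report which packages request `name` (and with what range) and which
// locked copies of it resolve below `minFixed`.
function auditLockedPackage(lock, name, minFixed) {
  const suffix = "node_modules/" + name;
  const requestedBy = [];
  const stale = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const range = (meta.dependencies || {})[name];
    if (range) requestedBy.push({ from: path || "(root)", range });
    const isCopy = path === suffix || path.endsWith("/" + suffix);
    if (isCopy && meta.version && compareVersions(meta.version, minFixed) < 0) {
      stale.push({ path, version: meta.version });
    }
  }
  return { requestedBy, stale };
}

// A non-empty `stale` list means the lockfile, not the declared range,
// is what keeps the old version installed.
console.log(JSON.stringify(auditLockedPackage(sampleLock, "npm", MIN_FIXED), null, 2));
```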
> first of all, for security related concerns, please follow our security policy in the future.
>
> > npm needs to be updated to a higher version
>
> you can already make this update in your project with no change to this project since we depend on npm as a range, rather than as a specific version. this is also one of the reasons we recommend installing and running with npx rather than capturing semantic-release as a dependency in your project. in your case, your lockfile is resulting in pulling an old version when there is already a fix available for this concern.
>
> since this is already solvable without us releasing an update, I'm going to close this with the recommendation to update your lockfile or to switch to using npx instead.

Thank you for informing me. I have updated my environment as well as fixed the project I'm maintaining package.json script for updating npm to keep up to date.
Your help is much appreciated.
Cheers!
> no change to this project since we depend on npm as a range, rather than as a specific version.

@travi but the range you are allowing includes a version with a known vulnerability. Why not fix the issue?