default audit severity=high, vulnerable_versions=* by isaacs · Pull Request #230 · npm/arborist · GitHub

This repository was archived by the owner on Jan 20, 2022. It is now read-only.

Contributor

isaacs commented Feb 13, 2021

Fix: npm/cli#1875
Related: npm/metavuln-calculator#4

References


          default audit severity=high, vulnerable_versions=*

9e88f87

Fix: npm/cli#1875
Related: npm/metavuln-calculator#4

ruyadorno approved these changes

View reviewed changes

isaacs closed this in

d407da7

isaacs added a commit to npm/cli that referenced this pull request


          @npmcli/[email protected]

8c36697

* [#1875](#1875)
  [npm/arborist#230](npm/arborist#230) Set default
  advisory `severity`/`vulnerable_range` when missing from audit endpoint
  data ([@isaacs](https://github.com/isaacs))
* [npm/arborist#231](npm/arborist#231) skip
  optional deps with mismatched platform or engine
  ([@nlf](https://github.com/nlf))
* [#2251](#2251) Unpack shrinkwrapped deps
  not already unpacked ([@isaacs](https://github.com/isaacs),
  [@nlf](https://github.com/nlf))
* [#2714](#2714) Do not write package.json
  if nothing changed ([@isaacs](https://github.com/isaacs))
* [npm/rfcs#324](npm/rfcs#324) Prefer peer over
  prod dep, if both specified ([@isaacs](https://github.com/isaacs))
* [npm/arborist#236](npm/arborist#236) Fix
  additional peerOptional conflict cases
  ([@isaacs](https://github.com/isaacs))

isaacs mentioned this pull request

@npmcli/[email protected] npm/cli#2727

Merged

nlf mentioned this pull request

Release/v7.5.5 npm/cli#2754

Merged

ruyadorno mentioned this pull request

deps: upgrade npm to 7.5.6 nodejs/node#37496

Closed

wraithgar deleted the isaacs/audit-default-vulnerable-versions-to-all branch

April 22, 2021 17:46

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet