Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated package-json dependency #181

Merged
merged 9 commits into from
Nov 29, 2023
Merged

Updated package-json dependency #181

merged 9 commits into from
Nov 29, 2023

Conversation

fbartho
Copy link
Contributor

@fbartho fbartho commented Jun 10, 2023
edited
Loading

Fixes: #180

package-json went ESM-only, but we only use it in one place in upgrade.ts, and the error that was thrown told me to use a dynamic import, so I did. It was already an async context, so I think this is fine?

The tests pass!

Many yarn.lock updates though!

@fbartho
Bump cli-dep: package-json to 8.1.0
f220e63 
This doesn't update yarn.lock as I'm not sure your procedure for that, and I'm using the web-editor currently.
@changeset-bot
Copy link

changeset-bot bot commented Jun 10, 2023
edited
Loading

🦋 Changeset detected

Latest commit: a4e6fbe

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@manypkg/cli Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@fbartho
Copy link
Contributor Author

fbartho commented Jun 10, 2023

I need your assistance for what kind of changeset to include, as this affects many dependencies (in yarn.lock), but doesn't affect Manypkg's API.

@fbartho
Copy link
Contributor Author

fbartho commented Jun 10, 2023

Looks like my PR expands on #176 -- sorry I didn't notice it!

@danii1
Copy link

danii1 commented Nov 29, 2023

Is the project still maintained? If so can we merge this, Snyk marked this vulnerability as critical.

@Andarist Andarist changed the title Bump cli-dep: package-json to 8.1.0 - Fixes: #180 Updated package-json dependency Nov 29, 2023
@Andarist Andarist mentioned this pull request Nov 29, 2023
Closed
@Andarist Andarist merged commit 1e31ced into Thinkmill:main Nov 29, 2023
2 checks passed
@github-actions github-actions bot mentioned this pull request Nov 29, 2023
Merged
@Andarist Andarist mentioned this pull request Oct 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Shravankumarkarnati Shravankumarkarnati Shravankumarkarnati approved these changes

@Andarist Andarist Andarist approved these changes

@eknowles eknowles eknowles approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dependabot Security Alert: Indirect Dependency "got" needs an update (direct-dep: "package-json" needs update)
5 participants
@fbartho @danii1 @eknowles @Andarist @Shravankumarkarnati