Skip to content

Commit

Permalink
[Deps] update tsconfig-paths
Browse files Browse the repository at this point in the history
  • Loading branch information
@ljharb
ljharb committed Feb 25, 2023
1 parent 8f05399 commit 5680a1f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,6 @@
"object.values": "^1.1.6",
"resolve": "^1.22.1",
"semver": "^6.3.0",
"tsconfig-paths": "^3.14.1"
"tsconfig-paths": "^3.14.2"
}
}

8 comments on commit 5680a1f

@lucashaensch
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello! Any chance this will be released soon?

@ljharb
Copy link
Member Author

@ljharb ljharb commented on 5680a1f Mar 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lucashaensch there's no need; the dependency uses ^ - the semver range - so these updates are automatic. You just need to update your lockfile.

@nmoinvaz
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there needs to be a release in order for that to happen right? Unless we are using @main..

@ljharb
Copy link
Member Author

@ljharb ljharb commented on 5680a1f Mar 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nmoinvaz no, that's incorrect. ^ is a semver range, so intermediate packages need never do anything for you to update transitive deps to nonbreaking versions. You just need to update your lockfiles.

@lucascaton
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know how it works but here's a Dependabot alert. Which package should update what to get this fixed?

image

@ljharb
Copy link
Member Author

@ljharb ljharb commented on 5680a1f Mar 25, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It says yarn.lock, so, yarn update json5. 1.0.2 fixes the issue, but it’s possible the security warning hasn’t been updated to acknowledge that yet.

@lucascaton
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @ljharb but I tried yarn update json5 1.0.2, yarn update json5, and yarn upgrade-interactive --latest.

None of these changed my yarn.lock 😞

@lucashaensch
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lucashaensch there's no need; the dependency uses ^ - the semver range - so these updates are automatic. You just need to update your lockfile.

You're right :) Just deleted yarn.lock and yarn build did the trick. Thanks!

Please sign in to comment.