Fix opinionator #333
e786282 to 002931f
@mtuchi I've just rebased this on top of the other changes
I think the changes in salesforce/package.json revert back what was done in this PR #337. We should remove them since they are already done.
Thanks for being vigilant @mtuchi! I've checked out the package.json from main and removed yargs. It should be up to date now.
This looks good now, I am going to merge it.
We've had a security alert from a low level dependency (`word-wrap`), which comes out of `optionator`.
The vulnerability affects two packages: salesforce and mailgun.
Salesforce is actually a red herring because it only affects a dev dependency, which I have corrected here (and has since been fixed on main). I've also removed `yargs` from salesforce deps as it's unneeded.
For mailgun I have overridden the version of `optionator`. If you install mailgun now and run `npm why optionator`, you can see that the version is correctly overridden:
Note that adding the override in the monorepo root (via pnpm) doesn't actually affect the built packages (disappointing but on reflection perhaps not surprising). So we have to do it in the adaptor itself.
This is a good workaround until we properly update the mailgun package.
Note that this is based on the pnpm bump branch.
Closes #330 (and the associated vulnerabilities)
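An added example (not part of this PR or the project's code) that automates the check described above: it scans an npm lockfile's `packages` map for every installed copy of a package and reports copies that miss the pinned version. The lockfile fragment and its version numbers are constructed, and `findInstalls` and `checkOverride` are hypothetical helper names.

```javascript
// Audit an npm lockfile (lockfileVersion 2/3 "packages" map) for every
// installed copy of one package, including nested copies that an override
// placed only in a workspace root would not reach.

// Return [{ path, version }] for each installed copy of `name`.
function findInstalls(lock, name) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    // Match the hoisted copy and any copy nested under another package.
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Compare every installed copy against the version the override should pin.
// `found` lets the caller tell "no copies installed" from "all copies match".
function checkOverride(lock, name, expected) {
  const installs = findInstalls(lock, name);
  return {
    found: installs.length,
    mismatches: installs.filter((i) => i.version !== expected),
  };
}

// Constructed lockfile fragment. Versions are made up, not real releases.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "adaptor-under-test", version: "0.0.0" },
    "node_modules/optionator": { version: "2.0.0" },
    "node_modules/legacy-lib/node_modules/optionator": { version: "1.0.0" },
    "node_modules/word-wrap": { version: "9.9.9" },
  },
};

const report = checkOverride(sampleLock, "optionator", "2.0.0");
for (const m of report.mismatches) {
  console.log(`override missed: ${m.path} is at ${m.version}`);
}
```

Run against the lockfile produced by installing the built adaptor, not the monorepo root, since the root-level override is the one the description says does not carry through.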