Comments (3)
Important
please use our security policy in the future for potential security related issues.
Currently this library uses lodash v4.17.4
that version is defined as the lower bound of the defined range for the dependency. the patched version is also in-range. simply update your lockfile. you do not need to depend on an update of this package to update to the latest version
from exec.
@travi but if I directly update my lockfile, the changes will be overridden with `npm install`. I am facing an issue in this
from exec.
i understand that this might not have been clear in my response, but i am not advocating for manually modifying your lockfile directly. you should always use the npm cli to do modifications to the `package-lock.json`.
for example, if you `npm rm semantic-release && npm i semantic-release -D`, you will remove and reinstall in a way that the npm cli will rebuild the tree in your lock file with the latest in-range versions throughout the tree.
alternatively, you might consider our recommendation to avoid depending on semantic-release as a dependency that ends up in your lockfile and instead use npx to install as late as possible only when you are executing a release from your CI pipeline. that helps avoid the staleness problem that can result if you are not regularly refreshing your lockfile.
from exec.
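As an added example (not code from this thread or from the semantic-release project), this sketch shows how to confirm the situation discussed above: it reads a `package-lock.json` object (lockfileVersion 2 or 3), lists the ranges that dependents declare for a package, and flags every locked copy older than a chosen minimum version. The sample lockfile, the package names other than lodash, and the `MIN_FIXED` threshold are constructed assumptions; take the real fixed version from the advisory you are responding to.

```javascript
// Compare plain x.y.z versions; pre-release tags are ignored in this sketch.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Which packages ask for `name`, and with what range?
function declaredRanges(lock, name) {
  const fields = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
  const out = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    for (const field of fields) {
      const range = entry[field] && entry[field][name];
      if (range) out.push({ dependent: path || '(root project)', range });
    }
  }
  return out;
}

// Every resolved copy of `name` in the tree, marked stale if below minVersion.
function findStaleCopies(lock, name, minVersion) {
  const suffix = 'node_modules/' + name;
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/lodash"; match the last segment.
    if (path !== suffix && !path.endsWith('/' + suffix)) continue;
    if (!entry.version) continue; // linked entries carry no version
    hits.push({ path, version: entry.version,
                stale: compareVersions(entry.version, minVersion) < 0 });
  }
  return hits;
}

const MIN_FIXED = '4.17.21'; // assumed threshold for this example, not stated in the thread
const sampleLock = {         // constructed lockfile, not taken from a real project
  lockfileVersion: 3,
  packages: {
    '': { name: 'constructed-app', version: '1.0.0' },
    'node_modules/example-plugin': { version: '1.0.0', dependencies: { lodash: '^4.17.4' } },
    'node_modules/lodash': { version: '4.17.4' },
    'node_modules/other-tool': { version: '2.0.0', dependencies: { lodash: '~4.17.20' } },
    'node_modules/other-tool/node_modules/lodash': { version: '4.17.21' },
  },
};
console.log(declaredRanges(sampleLock, 'lodash'));
console.log(findStaleCopies(sampleLock, 'lodash', MIN_FIXED));
```

A copy reported as stale while its dependent's range admits newer releases is the case where rebuilding the lockfile through the npm CLI is enough, with no release of the dependent package needed.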