-
When I run `yarn run yarn-audit-fix --force --audit-level high`, and `pug` needs to be upgraded from major semver `2` to `3`, I get this message from `yarn-audit-fix`:
```shell
Verifying package s…
```
-
```
yarn audit
[…]
901 vulnerabilities found - Packages audited: 601
Severity: 473 Low | 7 Moderate | 420 High | 1 Critical
```
OK, let's upgrade.
```
yarn upgrade
[…]
yarn audit
[…]
21…
```
-
a classic one :)
```
662 vulnerabilities found - Packages audited: 1854
Severity: 653 Low | 2 Moderate | 7 High
```
one that caught my eye (just to assert that this needs to be addressed)
`…
-
The following errors were reported by 5.7.0-dev.20241006 vs 5.6.2
[Pipeline that generated this bug](https://typescript.visualstudio.com/TypeScript/_build?definitionId=48)
[Logs for the pipeline run](…
-
I prefer to build from source, and am trying to make the PKGBUILD. What is missing/wrong?
```
_npmname="awakened-poe-trade"
pkgname=awakened-poe-trade
pkgver=3.23.10003
pkgrel=1
pkgdesc="Path Of …
```
-
Yarn audit on 7.70.25:
```
120 vulnerabilities found - Packages audited: 984
Severity: 11 Low | 67 Moderate | 34 High | 8 Critical
Done in 1.80s.
```
Yarn audit on 7.10.31 even more:
```
1…
```
-
This is rather a suggestion than an issue.
Today, `yarn audit` failed warning me about https://github.com/advisories/GHSA-78xj-cgh5-2h22 in `mongodb>socks>ip`
Running `npx yarn-audit-fix` ended …
-
### Self-service
- [X] I'd be willing to implement a fix
### Describe the bug
Recently we discovered that a previously fine package.json would fail to `yarn audit` (using Yarn v1.22.5). After…
-
`trivy` security scanner reports vulnerable dependencies in Shaarli's `yarn.lock`
https://github.com/shaarli/Shaarli/actions/runs/7077779999/job/19262500733
```
yarn.lock (yarn)
==============…
```
-
The following errors were reported by 5.7.0-dev.20241020 vs 5.6.3
[Pipeline that generated this bug](https://typescript.visualstudio.com/TypeScript/_build?definitionId=48)
[Logs for the pipeline run](…