Closed fbartho closed 7 months ago
Dependabot reported in one of my repos:
@manypkg/cli@0.20.0 requires got@^9.6.0 via package-json@6.5.0
Indeed, main for manypkg/cli https://github.com/Thinkmill/manypkg/blob/44285d8a2a98504f5b51b97d2a740ae662240380/packages/cli/package.json#L23 does actually require package-json@6.5.0
main
package-json@6.5.0
And package-json has a later version available that has a newer version of "got" https://github.com/sindresorhus/package-json/blob/fbbee76b615efdb489e72439130b4075b2ec793a/package.json#L38
Any objections if we update it?
Dependabot reported in one of my repos:
Indeed,
main
for manypkg/cli https://github.com/Thinkmill/manypkg/blob/44285d8a2a98504f5b51b97d2a740ae662240380/packages/cli/package.json#L23 does actually requirepackage-json@6.5.0
And package-json has a later version available that has a newer version of "got" https://github.com/sindresorhus/package-json/blob/fbbee76b615efdb489e72439130b4075b2ec793a/package.json#L38
Any objections if we update it?