Closed fbartho closed 7 months ago
Latest commit: a4e6fbe628f04e6868eab9f8a3344643962c4d6c
The changes in this PR will be included in the next version bump.
Not sure what this means? Click here to learn what changesets are.
Click here if you're a maintainer who wants to add another changeset to this PR
I need your assistance for what kind of changeset to include, as this affects many dependencies (in yarn.lock), but doesn't affect Manypkg's API.
Looks like my PR expands on #176 -- sorry I didn't notice it!
Is the project still maintained? If so can we merge this, Snyk marked this vulnerability as critical.
Fixes: #180
package-json went ESM-only, but we only use it in one place in upgrade.ts, and the error that was thrown told me to use a dynamic import, so I did. It was already an
async
context, so I think this is fine?The tests pass!
Many yarn.lock updates though!