TooTallNate / proxy-agents

Node.js HTTP Proxy Agents Monorepo
https://proxy-agents.n8.io
872 stars, 229 forks

fix(security): pac-resolver upgrade degenerator version fix risk CVE-… #203

Closed ohadsh535 closed 1 year ago

ohadsh535 commented 1 year ago

…2023-32314

vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git.

Name: proxy-agents
Status: ✅ Ready
Preview: Visit Preview
Updated (UTC): Jun 28, 2023 7:22am
changeset-bot[bot] commented 1 year ago

⚠️ No Changeset found

Latest commit: cf5330a2edcb0e27465e518af19f32f789efbfab

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets. When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types.


TooTallNate commented 1 year ago

If you add a changeset, then I'll merge.

But just for posterity, this change is not necessary! The semver range on this dependency is using ^, meaning that you can already upgrade to the latest version in your project by running npm upgrade (or the equivalent in your package manager of choice).

ohadsh535 commented 1 year ago

> If you add a changeset, then I'll merge.
>
> But just for posterity, this change is not necessary! The semver range on this dependency is using ^, meaning that you can already upgrade to the latest version in your project by running npm upgrade (or the equivalent in your package manager of choice).

I get what you mean regarding the ^ for getting the latest minor within the major. But when scanned for vulnerabilities on an outer platform, it is recognized as a risk. And pac-resolver is not a direct dependency of our project. So installation can be safe, while detection still raises smoke.
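The two comments above turn on one distinction: the `^` range in package.json says which versions are acceptable, while the lockfile records which version was actually resolved, and a dependency scanner reads the latter. The following is an added example written for this page; it is not code from the proxy-agents project. It models caret-range semantics as npm defines them and walks a constructed lockfileVersion 3 `package-lock.json` to report, for a transitive package, the declared range, the resolved version, whether that version is at or above a given patched version, and whether the existing caret ranges already admit the patched version (so that `npm update` plus committing the refreshed lockfile would clear the finding without any package.json change). The package names follow the thread, but every version number here is a made-up placeholder, not the packages' real release history, and `auditLockedPackage`, `caretSatisfies` and the `constructedLock` object are this example's own inventions.

```javascript
// Added example (not part of proxy-agents): relate a caret range in
// package.json to the version resolved in package-lock.json, which is the
// value a vulnerability scanner actually inspects.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new Error(`not a plain semver version: ${v}`);
  return m.slice(1, 4).map(Number); // [major, minor, patch]
}

function cmpTriple(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function compareVersions(a, b) {
  return cmpTriple(parseVersion(a), parseVersion(b));
}

// npm caret semantics: ^x.y.z allows changes that do not modify the
// left-most non-zero component.
//   ^1.2.3 := >=1.2.3 <2.0.0
//   ^0.2.3 := >=0.2.3 <0.3.0
//   ^0.0.3 := >=0.0.3 <0.0.4
function caretUpperBound(base) {
  const [maj, min, pat] = base;
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

function caretSatisfies(range, version) {
  if (!range.startsWith('^')) throw new Error('only caret ranges are handled here');
  const base = parseVersion(range.slice(1));
  const v = parseVersion(version);
  return cmpTriple(v, base) >= 0 && cmpTriple(v, caretUpperBound(base)) < 0;
}

// Constructed, minimal model of a lockfileVersion 3 package-lock.json.
// The package names mirror the thread; the version numbers are placeholders
// invented for this example, not real releases.
const constructedLock = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { 'pac-resolver': '^7.0.0' } },
    'node_modules/pac-resolver': { version: '7.0.0', dependencies: { degenerator: '^5.0.0' } },
    'node_modules/degenerator': { version: '5.0.0' },
  },
};

// Report on one package as it appears in the lockfile. `fixedVersion` is the
// first version the advisory in question considers patched (a placeholder
// here). `direct` tells you whether the root project declares it itself;
// `updatableInPlace` tells you whether every declared caret range already
// admits the fixed version, i.e. whether `npm update` alone can move the
// lockfile there without editing any package.json.
function auditLockedPackage(lock, name, fixedVersion) {
  const entry = lock.packages[`node_modules/${name}`];
  if (!entry) return { found: false };
  const dependents = Object.entries(lock.packages)
    .filter(([, pkg]) => pkg.dependencies && pkg.dependencies[name])
    .map(([path, pkg]) => ({
      dependent: path === '' ? '(root)' : path.replace(/^node_modules\//, ''),
      range: pkg.dependencies[name],
    }));
  return {
    found: true,
    resolved: entry.version,
    direct: dependents.some((d) => d.dependent === '(root)'),
    dependents,
    patched: compareVersions(entry.version, fixedVersion) >= 0,
    updatableInPlace: dependents.every((d) => caretSatisfies(d.range, fixedVersion)),
  };
}

// Stand-alone usage: 'degenerator' is transitive (via pac-resolver), locked
// below the placeholder fixed version, but its ^ range already allows it.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditLockedPackage(constructedLock, 'degenerator', '5.0.1'), null, 2));
}
```

The report makes the thread's point concrete: a `patched: false, updatableInPlace: true` result is exactly the case where bumping the range in package.json is unnecessary and refreshing the lockfile is what silences the scanner.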

TooTallNate commented 1 year ago

Fixed in 0fe8b7265e1a349beeff7374c9905161f7eac6fd.