Closed sourcegraph-wk closed 2 years ago
ansi-regex < 4.1.1
via yarn.lock
glob-parent < 5.1.2
via yarn.lock
aviary.yaml
coverage of security relevant codeQuestions or Comments? Reach out on Slack: #support-infosec.
QA+1
@Workiva/release-management-pp ready for merge.
We recently discovered that if a package resolves to
dependency_validator >=3.0.0
andbuild_config <1.0.0
, running thedependency_validator
tool will fail during precompilation due to null safety.We are merging a fix to
dependency_validator
, but unfortunately it won't prevent consumers from resolving to the v3.x versions that still have the issue. This PR addresses the issue for consumers by narrowing the range to no longer includedependency_validator v3
.Note: We originally widened this range as a part of the effort to upgrade our ecosystem to
analyzer v1
, but it is not strictly necessary. Consumers ofdependency_validator v2
can still successfully resolve toanalyzer v1
.For more info, reach out to
#support-frontend-architecture
on Slack._Created by Sourcegraph batch change
Workiva/narrow_dependency_validator_range
._