Open aaronmccall opened 1 year ago
When I run npx yarn-audit-fix from the root of my project I see the following output:
npx yarn-audit-fix
~/Projects/phytochrome-web-ui [fix/230530_audit-deps-updates L|✚ 2⚑ 4] 13:37 $ npx yarn-audit-fix Resolve bins Runtime digest isMonorepo false bins yarn yarn npm npm versions node v16.16.0 npm 8.11.0 yarn 1.22.19 yaf 9.3.10 yafLatest 9.3.10 temp /Users/aaronmccall/Projects/phytochrome-web-ui/node_modules/.cache/yarn-audit-fix/735b3b381d052b6a3384e038fcde4204 cwd /Users/aaronmccall/Projects/phytochrome-web-ui flags flow patch npm-path system dry-run true Verifying package structure... Preparing temp assets... Patching yarn.lock with audit data... invoke yarn audit --json Audit check found no issues Installing deps update... invoke yarn install --update-checksums yarn install v1.22.19 [1/4] 🔍 Resolving packages... warning Resolution field "ramda@0.28.0" is incompatible with requested version "ramda@^0.27.2" warning Resolution field "ramda@0.28.0" is incompatible with requested version "ramda@^0.27.1" success Already up-to-date. ✨ Done in 0.52s. Done
When I run yarn audit, I see (snipped for brevity):
yarn audit
41 vulnerabilities found - Packages audited: 1687 Severity: 6 Moderate | 34 High | 1 Critical ✨ Done in 2.08s.
P.S. I updated node/npm to v18.16.0/v9.5.1 and had the same result.
Hey, @aaronmccall,
Could you attach a minimal pkg.json and yarn.lock which reproduces the isseu?
Sure thing, @antongolub. See attached. package-redacted.json.txt yarn.lock.txt
same issue for me
When I run
npx yarn-audit-fix
from the root of my project I see the following output:When I run
yarn audit
, I see (snipped for brevity):P.S. I updated node/npm to v18.16.0/v9.5.1 and had the same result.