It doesn't seem possible to resolve the vulnerability caused by ndarray-resample just by updating packages, as I explained in #82. For this reason, I just block ndarray-resample and its dependencies from being installed by overriding it with the dry-uninstall dummy package.
The package builds and works correctly but I'm not sure that this doesn't break anything for downstream packages. What I do know is that we're not using any functionality of @magenta/music that uses ndarray-resample, so... it should be fine?
cifkao
commented
5 months ago
Fixes #82.
It doesn't seem possible to resolve the vulnerability caused by
ndarray-resamplejust by updating packages, as I explained in #82. For this reason, I just blockndarray-resampleand its dependencies from being installed by overriding it with thedry-uninstalldummy package.The package builds and works correctly but I'm not sure that this doesn't break anything for downstream packages. What I do know is that we're not using any functionality of
@magenta/musicthat usesndarray-resample, so... it should be fine?