endojs / endo

Endo is a distributed secure JavaScript sandbox, based on SES
Apache License 2.0
788 stars 70 forks source link

Running "yarn" on the latest endo master changes yarn.lock in ways that seem unpleasant. #2175

Closed erights closed 4 months ago

erights commented 4 months ago

Describe the bug

I get the changes at https://github.com/endojs/endo/pull/2174 just from running "yarn" in a clean master

For dependencies execa, get-stream, human-signals, and signal-exit, it looks like it is adding a new version in addition to the version that it still lists. This is unpleasant. I would prefer to minimize such cases of cross-version co-existence in the same repository.

Steps to reproduce

Expected behavior

Platform environment

Additional context

Screenshots