johannesleite
commented
3 months ago @fbosquet-azpn any opinion on this?
Closed johannesleite closed 2 months ago
johannesleite
commented
3 months ago @fbosquet-azpn any opinion on this?
fbosquet-azpn
commented
3 months ago @fbosquet-azpn any opinion on this?
I usually try to avoid directly modifying the package-lock.json unless it's necessary to fix a critical security issue that can't be resolved by simply upgrading a version in the package.json file first.
How was this package-lock updated? Do you know if it resulted from running npm audit fix or something else?
johannesleite
commented
3 months ago I usually try to avoid directly modifying the package-lock.json unless it's necessary to fix a critical security issue that can't be resolved by simply upgrading a version in the package.json file first.
How was this package-lock updated? Do you know if it resulted from running npm audit fix or something else?
@fbosquet-azpn It was updated by deleting it, deleting node modules and installing packages again.
It resolves some vulnerabilities that Snyk reported: https://github.com/equinor/videx-wellog/pull/244 and https://github.com/equinor/videx-wellog/pull/242
This needs confirmation if it should be done or not. It adds resolved and integrity to all entries in package-lock and updating a bunch of the packages in there.