google / gts

☂️ TypeScript style guide, formatter, and linter.
https://github.com/google/gts
Apache License 2.0

Upgrade update-notifier version for fixing CVE-2022-33987 #704

Closed holblin closed 2 years ago

holblin commented 2 years ago

Hi,

I have multiple packages that use gts. Due to a CVE, gts is impacted in its latest version:

Updating update-notifier to the latest version and releasing a new version of gts will solve the issue.

Indeed, currently, this is the chain of versions from gts: update-notifier (^5.0.0) > latest-version (^5.1.0) > package-json (^6.3.0) > got (^9.6.0)

And this will be the new chain of versions after the change: update-notifier (6.0.2) > latest-version (^7.0.0) > package-json (^8.1.0) > got (^12.1.0)
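The two dependency chains above are exactly what a lock-file audit should surface. The script below is an added example, not code from the gts project: it walks a lockfileVersion 2/3 package-lock.json the way npm resolves nested node_modules, prints each chain that reaches got, and flags versions below the fixed release. The fixed versions (11.8.5 and 12.1.0) are taken from the got advisory for CVE-2022-33987 and are an assumption of this example; the two lock objects are constructed sample data mirroring the chains in the comment, not real lock files.

```javascript
// Added example (not gts project code): audit a package-lock.json for `got`
// copies, show the chain that pulls each one in, and flag unfixed versions.

// Assumption: fixed releases for CVE-2022-33987 per the `got` advisory,
// 11.8.5 on the 11.x line and 12.1.0 on the 12.x line. Older lines (9.x, 10.x)
// never received a fix, so they are flagged too.
const FIXED_GOT = ['11.8.5', '12.1.0'];

// Minimal semver handling: major.minor.patch only, prerelease tag ignored.
function parseVersion(v) {
  return v.split('-')[0].split('.').map(Number);
}

function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Vulnerable if older than the fix on its own major line, or on a major line
// below every fixed line (no backport exists there).
function isVulnerable(version, fixedVersions) {
  const major = parseVersion(version)[0];
  const sameLine = fixedVersions.find((f) => parseVersion(f)[0] === major);
  if (sameLine) return compareVersions(version, sameLine) < 0;
  const lowestFixedMajor = Math.min(...fixedVersions.map((f) => parseVersion(f)[0]));
  return major < lowestFixedMajor;
}

// npm resolution over the lock's "packages" map: try the requesting package's
// own node_modules first, then walk up towards the root (key "").
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = `${base ? base + '/' : ''}node_modules/${depName}`;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Depth-first walk from the root package, collecting every "name@version"
// chain that ends at `target`. Each installed copy is expanded once.
function findChains(lock, target) {
  const packages = lock.packages;
  const results = [];
  const explored = new Set();
  function walk(lockPath, chain) {
    const entry = packages[lockPath];
    if (!entry) return;
    for (const dep of Object.keys(entry.dependencies || {})) {
      const depPath = resolveDep(packages, lockPath, dep);
      if (!depPath) continue; // not in the lock, so nothing is installed
      const label = `${dep}@${packages[depPath].version}`;
      if (dep === target) {
        results.push({ chain: [...chain, label], version: packages[depPath].version });
        continue;
      }
      if (explored.has(depPath)) continue;
      explored.add(depPath);
      walk(depPath, [...chain, label]);
    }
  }
  walk('', []);
  return results;
}

function auditGot(lock) {
  return findChains(lock, 'got').map((r) => ({
    chain: r.chain.join(' > '),
    version: r.version,
    vulnerable: isVulnerable(r.version, FIXED_GOT),
  }));
}

// Constructed sample data: build a lock whose packages form one linear chain.
// Versions are illustrative, not copied from a real package-lock.json.
function chainLock(chain) {
  const packages = { '': { dependencies: { [chain[0][0]]: `^${chain[0][1]}` } } };
  chain.forEach(([name, version], i) => {
    const next = chain[i + 1];
    packages[`node_modules/${name}`] = {
      version,
      dependencies: next ? { [next[0]]: `^${next[1]}` } : {},
    };
  });
  return { lockfileVersion: 3, packages };
}

const OLD_LOCK = chainLock([['gts', '3.1.1'], ['update-notifier', '5.1.0'],
  ['latest-version', '5.1.0'], ['package-json', '6.5.0'], ['got', '9.6.0']]);
const NEW_LOCK = chainLock([['gts', '4.0.0'], ['update-notifier', '6.0.2'],
  ['latest-version', '7.0.0'], ['package-json', '8.1.0'], ['got', '12.1.0']]);

for (const [label, lock] of [['old chain', OLD_LOCK], ['new chain', NEW_LOCK]]) {
  for (const r of auditGot(lock)) {
    console.log(`${label}: ${r.chain} -> ${r.vulnerable ? 'VULNERABLE' : 'fixed'}`);
  }
}
```

To run it against a real project, replace the constructed locks with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; the walk only relies on the `packages` map that npm 7+ writes, so lockfileVersion 1 files (which use a nested `dependencies` tree instead) are not handled.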

JustinBeckwith commented 2 years ago

I love how this upgrade to update-notifier requires node 14 and a transition to ESM. Awesome.

holblin commented 2 years ago

Hi @bcoe, I disagree with the completion of this issue. There was no new release of GTS following the fix, which keeps all the consumers impacted.

Could we re-open the issue until we get a new version published on NPM?

Ref: https://www.npmjs.com/package/gts

bcoe commented 2 years ago

@holblin 4.0.0 is released to the dist-tag next:

npm i gts@next

However, it seems to have some issues:

Error: Cannot read config file: /Users/bencoe/google/nodejs-vision/samples/.eslintrc.yml
Error: Function yaml.safeLoad is removed in js-yaml 4. Use yaml.load instead, which is now safe by default.
    at Object.safeLoad (/Users/bencoe/google/nodejs-vision/node_modules/@eslint/eslintrc/node_modules/js-yaml/index.js:10:11)
    at loadYAMLConfigFile (/Users/bencoe/google/nodejs-vision/node_modules/@eslint/eslintrc/lib/config-array-factory.js:161:21)
    at loadConfigFile (/Users/bencoe/google/nodejs-vision/node_modules/@eslint/eslintrc/lib/config-array-factory.js:319:20)

bcoe commented 2 years ago

@holblin I believe the issue I was running into was a stale package-lock.json issue. Could you try 4.0.0 and let me know if it works for you?

holblin commented 2 years ago

It works 👍 Thanks a lot :-)