Version mismatch on `mkdirp` between `package.json` and `package-lock.json`

http-party / node-portfinder

A simple tool to find an open port or domain socket on the current machine

https://github.com/http-party/node-portfinder

Other

887 stars 95 forks source link

Version mismatch on `mkdirp` between `package.json` and `package-lock.json` #108

Closed LostInBrittany closed 4 years ago

LostInBrittany commented 4 years ago

Hi!

I see that in PR #101 you bumped-up the version of mkdirp to 0.5.5 which in turn updates minimist to 1.2.5 which addresses https://www.npmjs.com/advisories/1179

Problem is that this PR only updated package-lock.json and not package.json that remains at 0.5.1. As package.json still depends on mkdirp 0.5.1, when we get node-portfinder as a dependency, we still get an old version of minimalist.

eriktrom commented 4 years ago

whoa, thankyou @LostInBrittany - sorry for the delay here, shipping update immediately