Closed github-learning-lab[bot] closed 3 years ago
Great job, @kkchen-dev, your pull request looks good. Thank you for fixing the vulnerable dependency!
Note: You might notice that this repository has a package.json
file, but no package-lock.json
file. In production code it's a good idea to have both files to avoid conflicts resolving the proper version of a dependency. For simplicity, we'll use only package.json
, but GitHub monitors both files in addition to the gamut of supported languages and packages
Nice job merging @kkchen-dev. Go ahead and delete the branch.
Update the dependency
Next, we'll go through the GitHub Flow to make some changes. If you aren't sure how to do this, try the Introduction to GitHub course and then come back to give it another try.
Step 4: Updating dependency versions
Now that you know the recommended version, it's time to edit the
package.json
file. You'll upgrade the package to a non-vulnerable version.:keyboard: Activity: Update the
package.json
file...
) in the right upper corner and click Edit file to edit thepackage.json
file.2.6.9
ofdebug
.