Closed m-schrepel closed 3 years ago
Currently package-lock.json
is in source control— which probably doesn't make sense for a library project, so I think we will probably remove it at some point, but since it's in there now it does need to be committed for any dependency change. But we were going to do that anyway as a follow-up to the eventsource release, so you don't need to submit a PR. Sorry we were just moving slowly.
Requirements
Related issues
https://github.com/launchdarkly/js-eventsource/pull/11
209
Describe the solution you've provided
The newly published
launchdarkly-eventsource
package bumps the version oforiginal
to 1.0.1 where theurl-parse
issue is fixed. This would take in 1.4.1 of eventsource instead of 1.4.0 which will resolve theurl-parse
issue at a top-levelAdditional context
https://github.com/advisories/GHSA-9m6j-fcg5-2442