louis-launchdarkly
commented
2 years ago @eli-darkly Should this PR removes the package-lock.json files? I don't see that in the Files changed section of this PR.
Closed LaunchDarklyReleaseBot closed 2 years ago
louis-launchdarkly
commented
2 years ago @eli-darkly Should this PR removes the package-lock.json files? I don't see that in the Files changed section of this PR.
[5.14.6] - 2022-03-25
This release contains no changes to SDK functionality. It differs from 5.14.5 only in that the NPM lockfile
package-lock.jsonhas been removed from source control (a change that was already made in 6.x, but had not been backported to the 5.x maintenance branch util now).The lockfile does not affect the dependencies that are loaded when an application uses the SDK, because NPM only pays attention to the lockfile of the root project (the application). Running a security scan on the
node-server-sdkproject produced false results, since the scanner would look at the dependency versions that were current at the time the lockfile was generated-- not the versions that would now be used if an application installed the SDK.