Closed julielaursen closed 4 months ago
Ramda just needed an update. Strange Snyk/Dependabot didn't pick this up yet.
In any case, it will be fixed in the next release.
@mefellows my team is blocked completely by this, do you have an ETA on when that next release might be?
You should really build your CI systems to be resilient to such things. This is a development dependency, what's the actual risk? It's just security theatre.
There are ways to replace packages that are vulnerable using yarn; I'd suggest you do that for now as a workaround until the next release is out.
Software versions
Please provide at least OS and version of pact-js
Issue Checklist
Please confirm the following:
Expected behaviour
Pact should not cause issues in Fossa vulnerability scanning software
Actual behaviour
In our Fossa step in CI, we are getting this error
for version ramda (0.28.0). When I run
yarn why ramda
I get:
I suspect this may be the same issue as https://github.com/pact-foundation/pact-js/issues/962 and https://github.com/pact-foundation/pact-js/issues/880
Because Fossa is required in CI, this blocks our CI for all PRs moving forward.
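For triaging a scanner finding like the one in this thread, the following added example (not from the thread or the pact-js project) reads a Yarn v1 lockfile and reports which entries resolve ramda to the flagged 0.28.0 and which packages request it, roughly what `yarn why ramda` answers. It assumes the Yarn v1 lockfile layout; the parent package names and the 9.9.9 version in the sample are constructed placeholders.

```javascript
// Added example: minimal Yarn v1 lockfile reader (assumed format; not pact-js code).
function parseYarnLockV1(text) {
  const entries = [];
  let cur = null, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!/^\s/.test(line)) { // entry header: comma-separated "name@range" specs ending in ":"
      const specs = line.replace(/:$/, "").split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      const name = specs[0].slice(0, specs[0].lastIndexOf("@"));
      cur = { specs, name, version: null, deps: Object.create(null) };
      entries.push(cur); inDeps = false;
    } else if (cur && /^ {2}\S/.test(line)) {
      const v = line.match(/^ {2}version "(.+)"$/);
      if (v) cur.version = v[1];
      inDeps = /^ {2}(optionalDependencies|dependencies):$/.test(line);
    } else if (cur && inDeps) {
      const d = line.trim().match(/^"?([^"\s]+)"?\s+"?([^"]+)"?$/);
      if (d) cur.deps[d[1]] = d[2];
    }
  }
  return entries;
}

// Report entries resolving `name` to `flaggedVersion` and the packages that request them.
function whyFlagged(lockText, name, flaggedVersion) {
  const entries = parseYarnLockV1(lockText);
  const hits = entries.filter((e) => e.name === name && e.version === flaggedVersion);
  const specs = hits.flatMap((e) => e.specs);
  const requiredBy = entries
    .filter((e) => specs.includes(`${name}@${e.deps[name]}`))
    .map((e) => `${e.name}@${e.version}`);
  return { flagged: specs.length > 0, specs, requiredBy };
}

// Constructed lockfile: parent names and version 9.9.9 are placeholders, not real releases.
const SAMPLE_LOCK = `# yarn lockfile v1
example-parent@^1.0.0:
  version "1.0.0"
  dependencies:
    ramda "^0.28.0"
other-parent@^2.0.0:
  version "2.0.0"
  dependencies:
    ramda "^9.9.9"
ramda@^0.28.0:
  version "0.28.0"
ramda@^9.9.9:
  version "9.9.9"
`;
console.log(whyFlagged(SAMPLE_LOCK, "ramda", "0.28.0"));
```

Run against the real `yarn.lock` after applying a workaround and reinstalling, `flagged` should come back `false` for the version the scanner reported.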