Closed atlasharry closed 1 week ago
I have changed the ws
into ^8.17.1
and web-ext
into ^8.2.0
in both package.lock.json
and package.json
.
However, one thing I noticed is when I build the app according to package.json via npm install
or npm install --production=false
, I would ended up creating a totally different package.lock file which has much more than changing only "ws" and "web-ext" (This may because the current package.lock on our github is outdated?")
In this branch, I only keep the changes of ws
and web-ext
version in the package.lock.json. Since by updating package.json, the user can build their own app and update the dependencies in package.lock.json accordingly.
I have tested the new dependency versions and the app works perfectly fine on my end.
Excellent, @atlasharry!
@atlasharry, can you open a PR and add @dadak-dom as reviewer?
(cc'ing @Mattm27)
Corresponding OptMeowt issue for reference.
As discussed, if useful, @atlasharry will also add a comment in the readme for developers on how to fix these type of dependency issues as we will likely continue to see them since we have a good number of dependencies.
Thanks, @atlasharry! And once the fix is in, we can close the alert manually.
This issue is for Dependabot alert 70.