fix: fix cross refs on multiple levels

snyk / nodejs-lockfile-parser

Generate a Snyk dependency tree from package-lock.json or yarn.lock file

Other

56 stars 28 forks source link

fix: fix cross refs on multiple levels #225

Closed gemaxim closed 1 month ago

gemaxim commented 1 month ago

What this does

Fixed cross referenced packages resolution (e.g. root workspace has a local project as dependency, which also has a local project as a dependency as well).

Local workspace projects as dependencies default to 'undefined' version if no version is specified in their package.json file - to match https://github.com/snyk/snyk-nodejs-plugin/blob/main/lib/workspaces/pnpm-workspaces-parser.ts#L39.

Added tests (most file changes).

snyksec commented 1 month ago

:tada: This PR is included in version 1.56.1 :tada:

The release is available on:

npm package (@latest dist-tag)
GitHub release

Your semantic-release bot :package::rocket: