Comments (2)
Neither `tar` nor `fstream` are direct dependencies of semantic-release, there is nothing we can do. You have to delete your lock file and your node_modules folder then install from scratch. It might fix the audit problems. If not, find out with `npm ls tar` and `npm ls fstream` what is preventing the dependencies to be updated or a previous version to be pinned.
from npm.
I dug into this and found the following:
npm ls tar
[email protected] C:\Users\nope\git\nope
+-- @semantic-release/[email protected]
| `-- [email protected]
| +-- [email protected]
| | `-- [email protected]
| +-- [email protected]
| | `-- [email protected] deduped
| `-- [email protected]
+-- [email protected]
| `-- @jest/[email protected]
| `-- [email protected]
| `-- UNMET OPTIONAL DEPENDENCY [email protected]
| `-- UNMET OPTIONAL DEPENDENCY [email protected]
| `-- UNMET OPTIONAL DEPENDENCY [email protected]
`-- [email protected]
`-- [email protected]
`-- [email protected]
Doing an `npm uninstall @semantic-release/npm semantic-release node-sass` fixes the vulnerabilities. As soon as I `npm install --save-dev @semantic-release/npm semantic-release`, they come back. The issue seems to stem from the latest version of npm depending on an old version of node-gyp. :(
from npm.
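The `npm ls tar` / `npm ls fstream` check discussed in the two comments above, as an added example that is not part of the original thread: it walks the JSON tree that `npm ls --all --json` prints and reports every dependency chain that pulls in a flagged package, plus the direct dependencies responsible. The sample tree, its nesting and its `0.0.0` versions are constructed for illustration; `findPaths` and `directParents` are hypothetical helper names.

```javascript
// Constructed sample in the shape of `npm ls --all --json` output.
// Package names come from the thread; nesting and versions are placeholders.
const SAMPLE_TREE = {
  name: "example-project",
  dependencies: {
    "@semantic-release/npm": { version: "0.0.0", dependencies: {
      npm: { version: "0.0.0", dependencies: {
        "node-gyp": { version: "0.0.0", dependencies: {
          tar: { version: "0.0.0" },
        } },
      } },
    } },
    "node-sass": { version: "0.0.0", dependencies: {
      "node-gyp": { version: "0.0.0", dependencies: {
        tar: { version: "0.0.0" },
        fstream: { version: "0.0.0" },
      } },
    } },
  },
};

// Return every chain of "name@version" entries that ends at `target`.
// Deduped nodes carry no nested `dependencies`, so recursion stops there.
function findPaths(node, target, trail = []) {
  const paths = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version || "?"}`];
    if (name === target) paths.push(here);
    paths.push(...findPaths(dep, target, here));
  }
  return paths;
}

// Reduce the chains to the direct dependencies that introduce the package.
// The regex strips the trailing "@version" but keeps a leading scope "@".
function directParents(paths) {
  return [...new Set(paths.map((p) => p[0].replace(/@[^@]*$/, "")))].sort();
}

for (const pkg of ["tar", "fstream"]) {
  const paths = findPaths(SAMPLE_TREE, pkg);
  console.log(`${pkg}: introduced by ${directParents(paths).join(", ")}`);
  for (const p of paths) console.log("  " + p.join(" > "));
}
```

To use it on a real project, replace `SAMPLE_TREE` with the parsed output of `npm ls --all --json`.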