chore: update set-value to >=4.0.1 #2849
Conversation
iamhopaul123
requested review from
Lou1415926
and removed request for
a team
iamhopaul123
added
the
do-not-merge
| @@ -2501,7 +2501,7 @@ | |||
| "get-value": "^2.0.6", | |||
| "has-value": "^1.0.0", | |||
| "isobject": "^3.0.1", | |||
| "set-value": "^2.0.0", | |||
| "set-value": ">=4.0.1", | |||
There was a problem hiding this comment.
shouldn't we be updating the dependencies section instead of modifying package-lock?
https://github.com/aws/copilot-cli/blob/mainline/cf-custom-resources/package.json#L25
There was a problem hiding this comment.
yeah that's why i put the label before 😃 now fixed
There was a problem hiding this comment.
I still didn't add it to the package file because we don't directly depend on that package.
There was a problem hiding this comment.
But won't it get overridden, I don't get how it's fixed 😅
My understanding is that package-lock isnt' meant to be modified manually. If we ever upgrade a dependency in package.json, and run npm install then I think it will reset these changes, I'd expected the following to be our enforcing mechanism:
"dependencies": {
"set-value": ">=4.0.1",There was a problem hiding this comment.
Hmm i tried to do npm install and it didn't revert the change. But sure I'll just add it to package.json
iamhopaul123
force-pushed
the
fix-dependabot-alert
branch
from
d815f4c to
31d58c0
Compare
iamhopaul123
removed
the
do-not-merge
efekarakus
added
the
do-not-merge
iamhopaul123
removed
the
do-not-merge
Fix dependabot alert
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.