Skip to content
This repository has been archived by the owner on Jan 20, 2022. It is now read-only.

default audit severity=high, vulnerable_versions=* #230

Closed
wants to merge 1 commit into from

Conversation

isaacs
Copy link
Contributor

@isaacs isaacs commented Feb 13, 2021

Fix: npm/cli#1875
Related: npm/metavuln-calculator#4

References

@isaacs isaacs closed this in d407da7 Feb 18, 2021
isaacs added a commit to npm/cli that referenced this pull request Feb 18, 2021
* [#1875](#1875)
  [npm/arborist#230](npm/arborist#230) Set default
  advisory `severity`/`vulnerable_range` when missing from audit endpoint
  data ([@isaacs](https://github.com/isaacs))
* [npm/arborist#231](npm/arborist#231) skip
  optional deps with mismatched platform or engine
  ([@nlf](https://github.com/nlf))
* [#2251](#2251) Unpack shrinkwrapped deps
  not already unpacked ([@isaacs](https://github.com/isaacs),
  [@nlf](https://github.com/nlf))
* [#2714](#2714) Do not write package.json
  if nothing changed ([@isaacs](https://github.com/isaacs))
* [npm/rfcs#324](npm/rfcs#324) Prefer peer over
  prod dep, if both specified ([@isaacs](https://github.com/isaacs))
* [npm/arborist#236](npm/arborist#236) Fix
  additional peerOptional conflict cases
  ([@isaacs](https://github.com/isaacs))
@nlf nlf mentioned this pull request Feb 22, 2021
@wraithgar wraithgar deleted the isaacs/audit-default-vulnerable-versions-to-all branch April 22, 2021 17:46
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[BUG] npm audit backwards compatibility against third party tools
2 participants