Every package has multiple high vulnerabilities, I would suggest tackling each package's vulns in its own separate PR...
Running But the following pkgs still have cves that need to be resolved:
fyi @arnobmallickbsw @itwin/insights-and-reporting-platform
| @@ -0,0 +1,7 @@ | |||
| { | |||
| "type": "patch", | |||
| "comment": "resolve cves", | |||
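Review bot: the "comment" value "resolve cves" on the last visible line does not name the dependencies that were upgraded, so anyone reading this "type": "patch" entry cannot tell whether the fix touches something they rely on. Suggest listing the bumped packages in the comment, written as a full sentence.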
These messages appear in consumer-facing changelog files - they should have a meaning to consumers and be properly formatted.
| "comment": "resolve cves", | |
| "comment": "Bump dependencies.", |
| @@ -0,0 +1,7 @@ | |||
| { | |||
| "type": "patch", | |||
| "comment": "resolve cves", | |||
These messages appear in consumer-facing changelog files - they should have a meaning to consumers and be properly formatted.
| "comment": "resolve cves", | |
| "comment": "Bump dependencies.", |
| "editor.trimAutoWhitespace": true, | ||
| "editor.defaultFormatter": "esbenp.prettier-vscode", | ||
| "editor.formatOnSave": true, | ||
| // "editor.formatOnSave": true, |
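Review bot: the "editor.formatOnSave" line is changed to a commented-out copy, which turns off format-on-save for everyone using these shared editor settings while "editor.defaultFormatter" stays set, and nothing in the visible lines ties this to the dependency fixes. Suggest reverting it here, or deleting the line outright in a separate change if disabling it is intended.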
Should these be removed instead of commented-out?
mdastous-bentley left a comment
Reviewed map-layers and geo-tools
This config means the pnpm audit task in the repo only runs against the root lockfile, not individual lockfiles across the monorepo.
(At time of writing) We have 63 high vulnerabilities and 1 critical to fix.