-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove backport from optionalDependencies #2049
Closed
shinebayar-g opened this issue
Dec 24, 2023
· 1 comment
· Fixed by cdk8s-team/cdk8s-projen-common#847
Closed
Remove backport from optionalDependencies #2049
shinebayar-g opened this issue
Dec 24, 2023
· 1 comment
· Fixed by cdk8s-team/cdk8s-projen-common#847
Labels
bug
Something isn't working
effort/small
1 day tops
ops
Ops related issue
priority/p1
Should be on near term plans
Comments
shinebayar-g
added
bug
Something isn't working
needs-triage
Priority and effort undetermined yet
labels
Dec 24, 2023
Oh nice. We we should move it to Thanks! |
iliapolo
added
effort/small
1 day tops
priority/p1
Should be on near term plans
ops
Ops related issue
and removed
needs-triage
Priority and effort undetermined yet
labels
Jun 1, 2024
mergify bot
pushed a commit
to cdk8s-team/cdk8s-projen-common
that referenced
this issue
Jun 5, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
bug
Something isn't working
effort/small
1 day tops
ops
Ops related issue
priority/p1
Should be on near term plans
Description of the bug:
Package called
backport
is defined in theoptionalDependencies
. If I'm understanding correctly packages defined inoptionalDependencies
is installed by default. Thus considered as a direct dependency and its dependencies are getting flagged in security vulnerability. (Likeaxios
for example).cdk8s-core/package.json
Lines 174 to 176 in bc6f483
This is confirmed in npm as well.
I suggest we should move this to
devDependencies
.Reproduction Steps:
Error Log:
Environment:
Other:
This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: