We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug
What is the current behavior?
adding bundlesize to a package.json file causes a vulnerable version of axios to transitively get added to node_modules
bundlesize
package.json
axios
node_modules
What is the expected behavior?
transitive dependencies are able to be updated (especially for patches), often without a bundlesize version publication by leveraging version ranges
Other relevant information.
GHSA-8hc4-vh64-cxmj
siddharthkp/github-build#25
The text was updated successfully, but these errors were encountered:
No branches or pull requests
bug
What is the current behavior?
adding
bundlesizeto apackage.jsonfile causes a vulnerable version ofaxiosto transitively get added tonode_modulesWhat is the expected behavior?
transitive dependencies are able to be updated (especially for patches), often without a
bundlesizeversion publication by leveraging version rangesOther relevant information.
GHSA-8hc4-vh64-cxmj
siddharthkp/github-build#25
The text was updated successfully, but these errors were encountered: