Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2020/09/17 00:56:05 UTC

[GitHub] [incubator-superset] mistercrunch edited a comment on pull request #10925: Update vulnerable packages identified by FOSSA

mistercrunch edited a comment on pull request #10925:
URL: https://github.com/apache/incubator-superset/pull/10925#issuecomment-693737878


   Mmmh, I think the way to fix isn't to add it to our `package.json`, but to try to:
   - try `npm audit fix`, see if npm knows about the issue and how to fix it
   - use `npm ls` to figure out which direct dependency package it's coming from and try to bump that (in this case, this is from `storybook/components@6.0.13` -> `react-syntax-highlighter@12.2.1` -> `prismjs@1.15.0`)
   - try `npm upgrade` to upgrade the direct deps, which is limited to semver updates
   - use `npm outdated` to see the current/latest for the direct deps
   
   That can become quite a puzzle.
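
The `npm ls` step in the comment above, as an added example that is not part of the original comment or of the Superset code base: it walks the JSON printed by `npm ls --json` and reports which direct dependency pulls in a given transitive package. The function names and the sample tree are assumptions; the tree is constructed to mirror the chain named in the comment.

```javascript
// Walk the tree printed by `npm ls --json` and collect every chain of
// packages that ends at `target`. Each chain starts at a direct dependency.
// (Hypothetical helper, not npm's or Superset's own code.)
function findDependencyPaths(tree, target) {
  const paths = [];
  function walk(deps, chain) {
    for (const [name, info] of Object.entries(deps || {})) {
      const next = chain.concat(`${name}@${info.version}`);
      if (name === target) paths.push(next);
      walk(info.dependencies, next); // keep going: a package can nest itself deeper
    }
  }
  walk(tree.dependencies, []);
  return paths;
}

// Direct dependencies whose bump could move `target` to a newer version.
function directDepsToBump(tree, target) {
  return [...new Set(findDependencyPaths(tree, target).map((p) => p[0]))];
}

// Constructed sample shaped like `npm ls --json` output; package names and
// versions on the prismjs chain are the ones quoted in the comment.
const sampleTree = {
  name: "example-frontend",
  version: "0.0.0",
  dependencies: {
    "storybook/components": {
      version: "6.0.13",
      dependencies: {
        "react-syntax-highlighter": {
          version: "12.2.1",
          dependencies: { prismjs: { version: "1.15.0" } },
        },
      },
    },
    react: { version: "16.13.1" }, // unrelated direct dependency (constructed)
  },
};

for (const p of findDependencyPaths(sampleTree, "prismjs")) {
  console.log(p.join(" -> "));
}
console.log("bump candidates:", directDepsToBump(sampleTree, "prismjs"));
```

On a real project, replace `sampleTree` with the parsed output of `npm ls --json` run in the directory that holds `package.json`.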

