@arcanis arcanis commented Oct 24, 2023

What's the problem this PR addresses?

The rewrite of yarn npm audit broke a couple of things in the advisory reporting.

Fixes #5824 - The --exclude filter wasn't applied to deprecations
Fixes #5830 - The --json output was printing the raw registry output, not the filtered tree

How did you fix it?

Fixed the deprecation iterations (we were iterating the unfiltered data).

Fixed the JSON reporting to instead print the same tree as the one we would have displayed outside of --json. It's technically a breaking change, but it was supposed to be like that so it's probably fine to treat it as a 7.0.1 bugfix.

Added tests to prevent regressions.

Checklist

  • I have set the packages that need to be released for my changes to be effective.
  • I will check that all automated PR checks pass before the PR gets reviewed.
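
The failure mode described in this PR, as an added example that is not Yarn's code and not part of the original comment: suppressions are computed, but one output path still reads the unfiltered data, so a CI job parsing the JSON output sees findings the text output hides. The report shape, function names and package names are hypothetical, and the sample data is constructed.

```javascript
// Added illustration, not Yarn's implementation. The report shape, function
// names and package names are assumptions; the sample data is constructed.
const rawReport = {
  advisories: [
    { id: 1001, package: "left-padder", severity: "high" },
    { id: 1002, package: "tiny-yaml", severity: "moderate" },
  ],
  deprecations: [
    { package: "old-request", message: "no longer maintained" },
    { package: "left-padder", message: "use String.prototype.padStart" },
  ],
};

// Apply suppressions once, to every category of finding (not only advisories).
function filterReport(report, { exclude = [], ignore = [] } = {}) {
  const excluded = new Set(exclude);
  const ignored = new Set(ignore);
  return {
    advisories: report.advisories.filter(
      (a) => !excluded.has(a.package) && !ignored.has(a.id)),
    deprecations: report.deprecations.filter((d) => !excluded.has(d.package)),
  };
}

// Build the single tree that every renderer consumes.
function buildTree(filtered) {
  const tree = {};
  const add = (pkg, item) => (tree[pkg] = tree[pkg] || []).push(item);
  for (const a of filtered.advisories) add(a.package, { kind: "advisory", id: a.id });
  for (const d of filtered.deprecations) add(d.package, { kind: "deprecation" });
  return tree;
}

// Human-readable mode: one line per finding left in the tree.
const renderText = (tree) =>
  Object.entries(tree).flatMap(([pkg, items]) =>
    items.map((i) => `${pkg}: ${i.kind}`)).join("\n");

// Buggy shape: JSON mode serialises the raw data, bypassing the filter.
const renderJsonBuggy = (raw, _tree) => JSON.stringify(raw);
// Fixed shape: JSON mode serialises the same tree that text mode displays.
const renderJsonFixed = (_raw, tree) => JSON.stringify(tree);

// Regression check: lists suppressed packages that still appear in an output.
function leaks(output, exclude) {
  return exclude.filter((pkg) => output.includes(pkg));
}
```

Running `leaks` over every output mode in a test suite catches the case where a new renderer is added without being wired to the filtered tree.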

Successfully merging this pull request may close these issues.

[Bug?]: npm audit --json output vulnerabilities that are in --ignore
[Bug?]: excluding specific deprecated package doesn't work for npm audit