If you can update watchpack to 2.x, that is the way to go. So this is also not something I recommend. However, you have to know what your doing (particularly how npm works) to not shoot yourself in the foot and end up undoing the fix without realizing it. The third option is to patch your vulnerable glob-parent with the fix. I don't recommend this, but I also have to admit that npm audit warnings can be a little bit boy-crying-wolf sometimes. The second possibility is that if watchpack is a development dependency only and not something used by the user-facing part of your app, then you probably don't need to worry about this at all and can ignore the message. Or if your project is relatively new, then simply building it with watchpack version 2 to begin with will be the way to go. Maybe if you have excellent test coverage, you can rely on that. Unfortunately, there is no CHANGELOG file in the watchpack repository, so you'll have to find the relevant breaking changes some other way. watchpack version 2 does not depend on a vulnerable version of glob-parent. I'm the person who wrote the fix for glob-parent that landed in There are (at least) three ways to address this.įirst possibility: Update from watchpack version 1 to watchpack version 2. +0200 /proc/asound/card0/codec0 Codec: Realtek ALC887-VD Address: 0 AFG Function Id.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |