default audit severity=high, vulnerable_versions=*#230

isaacs · 2021-02-13T00:58:01Z

References

@isaacs

* [#1875](#1875) [npm/arborist#230](npm/arborist#230) Set default advisory `severity`/`vulnerable_range` when missing from audit endpoint data ([@isaacs](https://github.com/isaacs)) * [npm/arborist#231](npm/arborist#231) skip optional deps with mismatched platform or engine ([@nlf](https://github.com/nlf)) * [#2251](#2251) Unpack shrinkwrapped deps not already unpacked ([@isaacs](https://github.com/isaacs), [@nlf](https://github.com/nlf)) * [#2714](#2714) Do not write package.json if nothing changed ([@isaacs](https://github.com/isaacs)) * [npm/rfcs#324](npm/rfcs#324) Prefer peer over prod dep, if both specified ([@isaacs](https://github.com/isaacs)) * [npm/arborist#236](npm/arborist#236) Fix additional peerOptional conflict cases ([@isaacs](https://github.com/isaacs))

default audit severity=high, vulnerable_versions=*

9e88f87

Fix: npm/cli#1875 Related: npm/metavuln-calculator#4

ruyadorno approved these changes Feb 18, 2021

View reviewed changes

isaacs closed this in d407da7 Feb 18, 2021

isaacs mentioned this pull request Feb 18, 2021

@npmcli/arborist@2.2.3 npm/cli#2727

Merged

nlf mentioned this pull request Feb 22, 2021

Release/v7.5.5 npm/cli#2754

Merged

ruyadorno mentioned this pull request Feb 24, 2021

deps: upgrade npm to 7.5.6 nodejs/node#37496

Closed

wraithgar deleted the isaacs/audit-default-vulnerable-versions-to-all branch April 22, 2021 17:46