etr2460 commented on pull request #18922: URL: https://github.com/apache/superset/pull/18922#issuecomment-1055617640
> Unfortunately npm audit fix broke stuff. I reverted that and just bumped those two packages, will look at running npm audit fix in a separate PR.

not sure if running `npm audit fix` is worthwhile tbh, see https://overreacted.io/npm-audit-broken-by-design/ and a specific quote:

> It doesn’t help that npm audit fix (which the tool suggests using) is buggy. I ran npm audit fix --force today and it downgraded the main dependency to a three-year-old version with actual real vulnerabilities. Thanks, npm, great job.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
