You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
AndrewLeedham
changed the title
pnpm audit does not report known vulnerability in 7.17.1
pnpm audit does not report known vulnerability in 7.17.1 without a version in the package.json
Dec 1, 2022
pnpm version: 7.17.1
Code to reproduce the issue:
package.json
pnpm-lock.yaml
Expected behavior:
Running
pnpm audit
should yield 1 vulnerability for mem@3.0.1, as it does in7.16.1
Actual behavior:
It prints:
Additional information:
node -v
prints: v16.18.0Windows, macOS, orLinux?:If a
version
is included in thepackage.json
the vulnerability is reported. So it seems that v7.17.0 introduced a regression requiring a version.The text was updated successfully, but these errors were encountered: