build(deps-dev): Bump lerna from 4.0.0 to 6.4.1#353
build(deps-dev): Bump lerna from 4.0.0 to 6.4.1#353dependabot[bot] wants to merge 1 commit intodependabot_developfrom
Conversation
Socket Security Pull Request ReportDependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again. 📜 Install scriptsInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
😵💫 Bin script confusionThis package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack Consider removing one of the conflicting packages. Packages should only export bin scripts with their name Pull request report summary
Bot CommandsTo ignore an alert, reply with a comment starting with
Powered by socket.dev |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/dependabot_develop/lerna-6.4.1
branch
6 times, most recently
from
0c63173 to
58c3149
Compare
Bumps [lerna](https://github.com/lerna/lerna/tree/HEAD/core/lerna) from 4.0.0 to 6.4.1. - [Release notes](https://github.com/lerna/lerna/releases) - [Changelog](https://github.com/lerna/lerna/blob/v6.4.1/core/lerna/CHANGELOG.md) - [Commits](https://github.com/lerna/lerna/commits/v6.4.1/core/lerna) --- updated-dependencies: - dependency-name: lerna dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/dependabot_develop/lerna-6.4.1
branch
from
58c3149 to
4a0ac9c
Compare
|
Superseded by #387. |
dependabot
bot
deleted the
dependabot/npm_and_yarn/dependabot_develop/lerna-6.4.1
branch
Bumps lerna from 4.0.0 to 6.4.1.
Release notes
Sourced from lerna's releases.
... (truncated)
Changelog
Sourced from lerna's changelog.
... (truncated)
Commits
a5217c6chore(release): v6.4.124d0d5cfix(run): resolve erroneous failures (#3495)eb4a755chore(docs): add workspace watching feature doc (#3487)1053de3chore(release): v6.4.0008b995feat(watch): Addlerna watchcommand (#3466)329eb99chore(release): v6.3.0e019e3ffeat(version): use npmClientArgs in npm install after lerna version (#3434)e057f56chore(release): v6.2.0027d943feat(publish): add --summary-file option (#2653)d286973fix(schema): add the other format changelogPreset can assume (#3441)Maintainer changes
This version was pushed to npm by jameshenry, a new releaser for lerna since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)