fix: Upgrade nodemon dependency so we no longer use flatmap-stream

Inactive Account requested to merge winh-upgrade-dependencies into master

We have flatmap-stream as a transient dependency:

yarn why flatmap-stream
yarn why v1.12.0
[1/4] 🤔  Why do we have the module "flatmap-stream"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
=> Found "flatmap-stream@0.1.1"
info Reasons this module exists
   - "nodemon#pstree.remy#ps-tree#event-stream" depends on it
   - Hoisted from "nodemon#pstree.remy#ps-tree#event-stream#flatmap-stream"
info Disk size without dependencies: "32MB"
info Disk size with unique dependencies: "32MB"
info Disk size with transitive dependencies: "32MB"
info Number of shared dependencies: 0
✨  Done in 1.11s.

That package contains malicious code: https://github.com/dominictarr/event-stream/issues/116

Edited by 🤖 GitLab Bot 🤖
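
A lockfile check for the chain that `yarn why` reports above, as an added example that is not part of this merge request or the project's code. `parseYarnLock`, `findChains` and `SAMPLE_LOCK` are hypothetical names, and the lockfile text is constructed: only flatmap-stream 0.1.1 comes from the page.

```javascript
// Constructed yarn.lock v1 text mirroring the chain in the `yarn why` output above.
// Only flatmap-stream 0.1.1 is from the page; other versions and all ranges are placeholders.
const entry = (name, version, deps = []) =>
  `${name}@*:\n  version "${version}"\n` +
  (deps.length ? "  dependencies:\n" + deps.map(d => `    ${d} "*"\n`).join("") : "");
const SAMPLE_LOCK = [
  entry("nodemon", "0.0.0-placeholder", ["pstree.remy", "chokidar"]),
  entry("chokidar", "0.0.0-placeholder"),
  entry("pstree.remy", "0.0.0-placeholder", ["ps-tree"]),
  entry("ps-tree", "0.0.0-placeholder", ["event-stream"]),
  entry("event-stream", "0.0.0-placeholder", ["flatmap-stream", "through"]),
  entry("through", "0.0.0-placeholder"),
  entry("flatmap-stream", "0.1.1"),
].join("\n");

// Parse yarn.lock v1 into Map<"name@range", {name, version, deps: ["name@range", ...]}>.
function parseYarnLock(text) {
  const lock = new Map();
  let cur = null, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {                 // header: one or more "name@range" specs
      const specs = line.replace(/:$/, "").replace(/"/g, "").split(/,\s*/);
      cur = { name: specs[0].slice(0, specs[0].lastIndexOf("@")), version: null, deps: [] };
      specs.forEach(s => lock.set(s, cur));
      inDeps = false;
    } else if (/^ {2}\S/.test(line)) {           // field of the current entry
      const [key, value = ""] = line.trim().split(/\s+/);
      inDeps = key === "dependencies:" || key === "optionalDependencies:";
      if (key === "version") cur.version = value.replace(/"/g, "");
    } else if (inDeps) {                         // dependency line: name "range"
      const m = line.trim().match(/^"?([^"\s]+)"?\s+"?(.*?)"?$/);
      if (m) cur.deps.push(`${m[1]}@${m[2]}`);
    }
  }
  return lock;
}
// Every path from a root package name to the target, in yarn's "a#b#c" notation.
function findChains(lock, rootName, target) {
  const chains = [];
  const walk = (e, path) => {
    if (path.includes(e.name)) return;           // cycle guard
    const next = [...path, e.name];
    if (e.name === target) chains.push(`${next.join("#")}@${e.version}`);
    else e.deps.forEach(s => lock.has(s) && walk(lock.get(s), next));
  };
  new Set(lock.values()).forEach(e => e.name === rootName && walk(e, []));
  return chains;
}
console.log(findChains(parseYarnLock(SAMPLE_LOCK), "nodemon", "flatmap-stream"));
```

An empty result for every direct dependency after the upgrade means the lockfile no longer resolves the package, which makes this usable as a CI gate.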