Version mismatch on `mkdirp` between `package.json` and `package-lock.json`
LostInBrittany opened this issue · 1 comments
LostInBrittany commented
Hi!
I see that in PR #101 you bumped-up the version of mkdirp to 0.5.5 which in turn updates minimist to 1.2.5
which addresses https://www.npmjs.com/advisories/1179
Problem is that this PR only updated package-lock.json and not package.json that remains at 0.5.1. As package.json still depends on mkdirp 0.5.1, when we get node-portfinder as a dependency, we still get an old version of minimalist.
eriktrom commented
whoa, thankyou @LostInBrittany - sorry for the delay here, shipping update immediately