Next Standard Version security vulnerability
zastrow opened this issue · 1 comments
zastrow commented
Our NPM publishing process uses vidavidorra/next-standard-version, which has not been updated in almost a year. Running npm audit requires downgrading from 2.1.2 to 1.0.1, which introduces CLI breaking changes and perhaps others. The next-standard-version repo has a PR to fix this issue that was opened August 2020, so we likely need a different solution.
- We could look into a different tool for this task and rewrite the process as needed.
- We fork vidavidorra/next-standard-version and apply the dependency updates.
iAmNathanJ commented
@zastrow see #77. Using standard-version --dry-run to manage this release flow. Should probably get input from @jordanleven on this.