prevent release unless `npm i` reports 0 vulnerabilities
allanbowe opened this issue · comments
Allan Bowe commented
often the CLI dependencies will report vulnerabilities, and whilst these almost never have any actual impact on the CLI, the log does not look presentable.
This issue occurred in the 4.0.0 release (3 medium severity due to tough cookie package), fixed in 4.0.1.
We should have zero vulnerabilities (green) report when installing the CLI using NPM, and the release should fail if this is not the case.
Yury Shkoda commented
potentially also related to @sasjs/utils
github-actions commented
🎉 This issue has been resolved in version 4.10.1 🎉
The release is available on:
Your semantic-release bot 📦🚀