You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Dependabot alerts are not applied to the users’ apps for the following reasons:
1. We do not have any actual dependencies in our SDK, just peer and dev dependencies, which do not get installed in the user apps.
2. Supposedly we had a dependency in the future, the package manager will not respect the versions in our yarn.lock, since the dependency resolution will be done in the user’s app according to our package.json not yarn.lock. (*)
References:
(*): A comment by one of Yarn creators, explaining the dependency resolution in an app vs a library: yarnpkg/yarn#838
0 commit comments