Maintenance: pin lerna to 8.1.2 due to upstream regression #2645

Closed
@dreamorosi

Description

Summary

While releasing the next upcoming version we discovered that lerna has had a regression that causes the lock file to be mutated in places where it should not be.

The issue has already been reported to Lerna by others: lerna/lerna#4026

We should pin the version to the last known working one.

Why is this needed?

So that we can carry on with the release by using a known working version.

Which area does this relate to?

Automation

Solution

Pin lerna to 8.1.2 and override the tar dependency so that we don't have any vulnerable package in the lock file.
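As an added illustration (not from the issue or the project itself) of what "pin and override" looks like in an npm root `package.json`: the exact version string without a `^`/`~` range prevents the lock file from drifting to a later lerna, and the `overrides` block forces every transitive `tar` to a chosen release. The `<PATCHED_TAR_VERSION>` value is a placeholder, since the issue does not state which tar release was used.

```json
{
  "name": "monorepo-root",
  "private": true,
  "devDependencies": {
    "lerna": "8.1.2"
  },
  "overrides": {
    "tar": "<PATCHED_TAR_VERSION>"
  }
}
```

After editing, regenerate the lock file with `npm install` and confirm with `npm ls tar` that only the overridden version remains in the tree.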

Metadata

Assignees

Labels

- automation: This item relates to automation
- completed: This item is complete and has been merged/shipped
- internal: PRs that introduce changes in governance, tech debt and chores (linting setup, baseline, etc.)

Type

No type

Projects

Status

Shipped

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests