nierob
nierob
Gentle ping?
Hi, all the failures in CI feels unrelated, should I do something more to get this PR merged?
> 3.9 failure looks intermittent, might be worth rerunning. I have no means of re-running other then changing something and re-pushing. I guess it is related to some permissions. >...
Lately I migrated to `npm-audit-resolver`, it works Ok and fulfils my needs. Up to now, I have stumbled only on one issue; generated resolve file can be big (lodash case…)....
> Thanks for mentioning compression. Although the goal is to be very explicit not to invite future occurrences, you got me thinking. The list can be compressed by putting a...
> @nierob that doesn't cover when a package from your dev deps gets ignored because the vulnerable cod is obviously unreachable, but then it resurfaces as a prod dependency pulled...
We have structured our infrastructure code as a single project, so we have one dependency graph for all. We are using `--target + --target-dependents` option a lot, to have partial...
> From discussion with @Frassle, one option here for the near term would be to make this a warning instead of an error, and to use the provider as established...
Gentle ping? Any hopes for a fix?
> @alexandr-x-ursul, this is an area we'd definitely like to improve. Which [backend](https://www.pulumi.com/docs/concepts/state/) are you using to store the state? I did reproduce it with azure blob storage. Adding: ```...