Lerna CVE fix GHSA-8hc4-vh64-cxmj (#28448)

Signed-off-by: debasishbsws <[email protected]>
wolfi-dev · Sep 16, 2024 · e490718 · e490718
1 parent 03cb663
commit e490718
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/lerna.yaml b/lerna.yaml
@@ -1,7 +1,7 @@
 package:
   name: lerna
   version: 8.1.8
-  epoch: 0
+  epoch: 1
   description: "Lerna is a fast, modern build system for managing and publishing multiple JavaScript/TypeScript packages from the same repository."
   copyright:
     - license: MIT
@@ -21,14 +21,15 @@ environment:
       - ca-certificates-bundle
       - nodejs
       - npm
-      - py3-setuptools
-      - python3
 
 pipeline:
   - name: npm install
     runs: |
       npm install -g ${{package.name}}@${{package.version}} -prefix ${{targets.destdir}}/usr/local/
 
+      # CVE GHSA-8hc4-vh64-cxmj
+      npm install [email protected] -prefix ${{targets.destdir}}/usr/local/lib/node_modules/lerna/
+
       # https://github.com/browserify/resolve/issues/288
       sed -i 's/monorepo-symlink-test/false-positive/g' ${{targets.destdir}}/usr/local/lib/node_modules/lerna/node_modules/resolve/test/resolver/multirepo/package.json