The 2.1.0 release never got published to npm about gaxios HOT 8 CLOSED

What's the ETA on deploying this? Any indirect consumers using npm audit as part of their release process is blocked on builds.

from gaxios.

@JustinBeckwith I reverted back to the commit that was failing npm audit and ran npm audit fix again and it resolved automatically. Looks like you're right about some caching involved.

from gaxios.

@AaronFriel please try this out npm i [email protected], just released it manually, since we didn't quite have things setup for automation yet.

from gaxios.

I just tested it and can confirm it works--came here after noticing it was using a vulnerable version of https-proxy-agent. Thanks, @JustinBeckwith i think this can be closed now?

from gaxios.

🙌 thank you! npm audit fix is still not picking up the resolution path (not sure what algorithm it uses), but manually installing [email protected] resulted in npm audit passing.

Anyone using packages such as @google-cloud/kms may need to perform the same resolution steps.

from gaxios.

Oh weird - can you try deleting your package-lock.json and node_modules and running npm install again? With a clean install I'm seeing:

nodejs-kms (master) $ npm ls --production gaxios
@google-cloud/[email protected] /Users/beckwith/Code/nodejs-kms
└─┬ [email protected]
  └─┬ [email protected]
    ├── [email protected] 
    ├─┬ [email protected]
    │ └── [email protected]  deduped
    └─┬ [email protected]
      └── [email protected]  deduped

from gaxios.

It might be their server caching the value perhaps and only when it was specifically requested did they look it up---like DNS servers I suppose.

from gaxios.

sounds like this is resolved, let us know if you bump into any more issues 👍

from gaxios.