Currently, lint-staged depends on a forked version of listr-update-renderer, which is pointing at a branch owned by you. When we went to deploy after merging the latest version of lint-staged, we got integrity errors installing this version of listr-update-renderer. My hunch is that it was a version mismatch, pointing the v0.4.0 sha of listr-update-renderer at the GitHub branch version.
My initial suggestion was going to be to lock it to a specific commit hash. Then at least when you commit to that branch, we won't get integrity errors related to those changes. That said, I'm not entirely sure what the underlying issue was. Hopefully you get that fix merged upstream soon :).
lint-staged: v8.0.0I鈥檓 not sure how I should resolve this one. Suggestions?
My initial suggestion was going to be to lock it to a specific commit hash.
Beyond that, I'm not sure. Maybe also bumping the version in package.json in that branch? The underlying cause of the problem isn't entirely clear to me.
Open a PR?
We hit this too. I ended up having to clear my npm cache locally, then npm i to update the package-lock. However it broke again once 8.0.1-8.0.3 were published so I had to re-run npm i to update the package-lock again to fix it.
I'm afraid I can't do much about it until the PR with this change is going to be merged into the upstream repo. Alternatively I could publish my own package, of course. Ideas?
You could but I think you'd have to publish both listr and listr-update-renderer since the latter is a tertiary dependency.
This is currently causing npm audit to fail for Node 10.13.0 and npm 6.4.1 for any project that uses lint-staged as a devDependency.
I'm afraid I can't do much about it until the PR with this change is going to be merged into the upstream repo. Alternatively I could publish my own package, of course. Ideas?
Do you mean this PR https://github.com/SamVerschueren/listr-update-renderer/pull/9 ? It looks like it failed to build, which is probably why it's not been looked at.
Closing in favor of #533