Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Dependabot alerts are not applied to the users’ apps for the following reasons: 1. We do not have any actual dependencies in our SDK, just peer and dev dependencies, which do not get installed in the user apps. 2. Supposedly we had a dependency in the future, the package manager will not respect the versions in our yarn.lock, since the dependency resolution will be done in the user’s app according to our package.json not yarn.lock. (*) References: (*): A comment by one of Yarn creators, explaining the dependency resolution in an app vs a library: yarnpkg/yarn#838
- Loading branch information