| 00:39 | <bakkot> | does anyone care to review https://github.com/tc39/ecma262/pull/3390 or can I stamp it |
| 01:23 | <Michael Ficarra> | 🚢 it |
| 17:11 | <shu> | what does npm audit do? |
| 17:12 | <shu> | oh i see |
| 17:12 | <shu> | how is this useful for CI...? that's crazy |
| 17:12 | <Michael Ficarra> | https://docs.npmjs.com/cli/v10/commands/npm-audit |
| 17:15 | <Michael Ficarra> | it could be useful as its own CI action (though I guess it would go from passing to failing on its own, which is undesirable), but it definitely shouldn't happen for other actions like build or test |
| 17:32 | <bakkot> | apparently it's intentional though https://github.com/npm/cli/issues/2703 |
| 17:50 | <ljharb> | it's useful when a PR would add a NEW vuln. it's hugely disruptive when a new vuln suddenly appears on an existing dep. |
| 17:55 | <bakkot> | when it's just a warning in setup you'll never see it either way |
| 18:18 | <Michael Ficarra> | yeah if it's just a warning, you'll never see it, and if it's an error, it'll just randomly pop up and get in your way as new vulnerabilities get published |
| 22:32 | <Michael Ficarra> | specifically you need to fix the table in 27.5.2 to not list undefined, and remove GeneratorStart step 7 |
| 22:33 | <Michael Ficarra> | updated the table though, I didn't know we had already explicitly listed undefined |
| 22:34 | <Michael Ficarra> | oh I get it, it's no longer necessary since it's already in that state |
| 22:36 | <Michael Ficarra> | okay please review https://github.com/tc39/ecma262/pull/3383 again |