From 6f77953795eaba97b6b650a78c05b1fcb32be91c Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Mon, 28 May 2018 19:41:34 +0200
Subject: [PATCH] =?UTF-8?q?fix(npm):=20use=20=E2=80=94no-audit?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/manager/npm/post-update/lerna.js | 2 +-
 lib/manager/npm/post-update/npm.js   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/manager/npm/post-update/lerna.js b/lib/manager/npm/post-update/lerna.js
index 32b8f339d8..ca973b6f29 100644
--- a/lib/manager/npm/post-update/lerna.js
+++ b/lib/manager/npm/post-update/lerna.js
@@ -28,7 +28,7 @@ async function generateLockFiles(lernaClient, tmpDir, env) {
     logger.debug('Using lerna version ' + lernaVersion);
     const params =
       lernaClient === 'npm'
-        ? '--package-lock-only'
+        ? '--package-lock-only --no-audit'
         : '--ignore-scripts --ignore-engines --ignore-platform --mutex network:31879';
     cmd = `find . && ${lernaClient} install ${params} && npx lerna@${lernaVersion} bootstrap -- ${params}`;
     logger.debug({ cmd });
diff --git a/lib/manager/npm/post-update/npm.js b/lib/manager/npm/post-update/npm.js
index 24abea6264..965e5beb4e 100644
--- a/lib/manager/npm/post-update/npm.js
+++ b/lib/manager/npm/post-update/npm.js
@@ -53,7 +53,7 @@ async function generateLockFile(tmpDir, env, filename) {
       }
     }
     logger.debug(`Using npm: ${cmd}`);
-    cmd = `find . && ${cmd} --version && ${cmd} install --package-lock-only && find .`;
+    cmd = `find . && ${cmd} --version && ${cmd} install --package-lock-only --no-audit && find .`;
     // TODO: Switch to native util.promisify once using only node 8
     ({ stdout, stderr } = await exec(cmd, {
       cwd: tmpDir,
-- 
GitLab