-
Notifications
You must be signed in to change notification settings - Fork 204
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
patch vulnerabilities #282
Changes from 3 commits
0d6570c
6ac5619
2f867a5
6c7382b
7865fdb
3295764
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
"@changesets/action": patch | ||
--- | ||
|
||
Patch security vulnerabilities |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,7 +10,17 @@ | |
"@vercel/ncc": "^0.36.1", | ||
"fixturez": "^1.1.0", | ||
"prettier": "^2.0.5", | ||
"typescript": "^5.0.4" | ||
"typescript": "^5.0.4", | ||
"@babel/core": "^7.13.10", | ||
"@babel/preset-env": "^7.13.10", | ||
"@babel/preset-typescript": "^7.13.0", | ||
"@types/fs-extra": "^8.0.0", | ||
"@types/jest": "^29.5.1", | ||
"@types/node": "^12.7.1", | ||
"@types/semver": "^6.0.2", | ||
"babel-jest": "^29.5.0", | ||
"husky": "^3.0.3", | ||
"jest": "^29.5.0" | ||
}, | ||
"scripts": { | ||
"build": "ncc build src/index.ts -o dist --transpile-only --minify", | ||
|
@@ -27,21 +37,11 @@ | |
"@actions/core": "^1.10.0", | ||
"@actions/exec": "^1.1.1", | ||
"@actions/github": "^5.1.1", | ||
"@babel/core": "^7.13.10", | ||
"@babel/preset-env": "^7.13.10", | ||
"@babel/preset-typescript": "^7.13.0", | ||
"@changesets/pre": "^1.0.9", | ||
"@changesets/read": "^0.5.3", | ||
"@manypkg/get-packages": "^1.1.3", | ||
"@octokit/plugin-throttling": "^5.2.1", | ||
"@types/fs-extra": "^8.0.0", | ||
"@types/jest": "^29.5.1", | ||
"@types/node": "^12.7.1", | ||
"@types/semver": "^6.0.2", | ||
"babel-jest": "^29.5.0", | ||
"fs-extra": "^8.1.0", | ||
"husky": "^3.0.3", | ||
"jest": "^29.5.0", | ||
"mdast-util-to-string": "^1.0.6", | ||
"remark-parse": "^7.0.1", | ||
"remark-stringify": "^7.0.3", | ||
|
@@ -54,6 +54,14 @@ | |
}, | ||
"prettier": {}, | ||
"resolutions": { | ||
"**/@octokit/core": "4.2.0" | ||
"**/@octokit/core": "4.2.0", | ||
"glob-parent": "^5.1.2", | ||
"node-fetch": "^2.6.7", | ||
"minimist": "^1.2.8", | ||
"mixme": "^0.5.2", | ||
"minimatch": "^3.1.1", | ||
"lodash": "^4.17.21", | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. after your updates packages don't depend on this at all so this is redundant (likely the same story for |
||
"trim": "^0.0.3", | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This one comes from |
||
"y18n": "^4.0.1" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do we have a breakdown of what packages depend on some outdated versions of those? Couldn't we update some packages to fix this instead of overriding what is installed using There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is a dependency of There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hm, I also don't quite see that package in the Snyk report. |
||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure what this one is about. I don't see any package to depend on this.