Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Bump various versions to remove vulnerable dependencies #393

Merged
merged 1 commit into from
Jan 4, 2024

Conversation

ibacher
Copy link
Contributor

@ibacher ibacher commented Dec 6, 2023

I said I would work on updating the dependencies here. This is the first pass at it, designed to be very low-touch. Specifically the goal of this PR is resolve as many results reported from pnpm audit without moving to dependencies that are incompatible with Node 12, Webpack 4, etc., and this does that, with one exception, which results from serve depending on a version of minimatch that has a ReDoS issue in the generated configs.

In a near-future follow-on, I'll introduce changes that:

  • Require Node 14 or 16 at a minimum
  • Require Webpack 5

Copy link
Member

@joeldenning joeldenning left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the build passes, this looks good, thanks for your help. Please ping me on Slack in #core-team or #maintainers for the time being when there's a PR to review - my github queue is too large/stressful atm. I've added you as a maintainer to this repo so that your PRs automatically have the build run.

@joeldenning joeldenning merged commit 181da9a into single-spa:main Jan 4, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants