Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: the CVEs of braces nth-check vite webpack-dev-middleware - 2024-07
1. We have several high severity CVEs in the project and this intends to fix a large batch of them by forcing the resolutions project-wide. 2. Longer term fix is to upgrade our direct dependencies that will have upgraded their own direct and transitive dependencies to non-vulnerable versions but while we wait for all the fixes to trickle up through our dependency tree we need a solution that avoids having the vulnerable versions installed. 3. This does not fix all the currently vulnerable dependencies of ours because some of the dependencies have not shipped a fix yet at all and in these cases our only other option would be to strip out the library and re-implement something from scratch. 4. The dependencies which did not have a fix available I prefixed with "x-" in the root package.json's resolutions declaration so that they are there at least for reference and as soon as (hopefully soon) the fixes ship we just need to remove the x- prefix to make it available. Signed-off-by: Peter Somogyvari <[email protected]>
- Loading branch information