
fix: the CVEs of braces nth-check vite webpack-dev-middleware - 2024-07 #3395

Merged (1 commit), Jul 11, 2024

Conversation

petermetz (Contributor)

  1. We have several high severity CVEs in the project and this intends to
    fix a large batch of them by forcing the resolutions project-wide.
  2. Longer term fix is to upgrade our direct dependencies that will have
    upgraded their own direct and transitive dependencies to non-vulnerable
    versions but while we wait for all the fixes to trickle up through our
    dependency tree we need a solution that avoids having the vulnerable
    versions installed.
  3. This does not fix all the currently vulnerable dependencies of ours
    because some of the dependencies have not shipped a fix yet at all and
    in these cases our only other option would be to strip out the library
    and re-implement something from scratch.
  4. The dependencies which did not have a fix available I prefixed with "x-"
    in the root package.json's resolutions declaration so that they are there
    at least for reference and as soon as (hopefully soon) the fixes ship
    we just need to remove the x- prefix to make it available.

Signed-off-by: Peter Somogyvari [email protected]

Pull Request Requirements

  • Rebased onto upstream/main branch and squashed into a single commit to help maintainers review it more efficiently and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when, and why.
  • Have a git sign-off at the end of the commit message to avoid being marked red. You can add the -s flag when using the git commit command. You may refer to this link for more information.
  • Follow the Commit Linting specification. You may refer to this link for more information.

Character Limit

  • Pull Request Title and Commit Subject must not exceed 72 characters (including spaces and special characters).
  • Commit Message per line must not exceed 80 characters (including spaces and special characters).

A Must Read for Beginners
For rebasing and squashing, here's a must read guide for beginners.
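The PR description above forces fixed versions through the root package.json `resolutions` map and parks entries that have no fix yet under an `x-` prefix. The check a maintainer would want after such a change is whether the active pins actually took effect in the installed tree, and which parked packages remain vulnerable. The script below is an added example, not code from this PR or from the hyperledger-cacti project; the package names, version pins and installed-version map are constructed for illustration, and the `x-` convention is the one the PR describes.

```javascript
// Added example (not code from the hyperledger-cacti PR): audit a root
// package.json "resolutions" map of the kind described in the PR. Active
// entries pin a minimum safe version project-wide; keys prefixed "x-" are
// parked because no fixed release exists yet and are kept for reference.
// All package names and versions below are constructed, not real advisories.

const PACKAGE_JSON = {
  name: "example-monorepo-root",
  resolutions: {
    "pkg-a": "^1.4.0",   // active pin: every installed copy of pkg-a must be >= 1.4.0
    "pkg-b": ">=2.1.0",  // active pin
    "x-pkg-c": "1.0.0",  // parked: no fix shipped yet, remove the "x-" once it does
  },
};

// Constructed view of what is actually installed (as one would derive from the
// lockfile). A package can appear several times via different dependents.
const INSTALLED = {
  "pkg-a": ["1.2.0", "1.4.1"],
  "pkg-b": ["2.0.0"],
  "pkg-c": ["0.9.0"],
};

// Strip a leading range operator (^, ~, >=, =) and keep the minimum version
// the pin implies. Only plain major.minor.patch specs are supported here.
function minVersion(spec) {
  const m = /^(?:\^|~|>=|=)?\s*v?(\d+\.\d+\.\d+)/.exec(spec.trim());
  if (!m) throw new Error(`unsupported version spec: ${spec}`);
  return m[1];
}

// Numeric comparison of two major.minor.patch strings: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Split the resolutions map into active pins and parked ("x-" prefixed)
// entries, with the prefix removed from the parked package names.
function parseResolutions(pkg) {
  const active = {};
  const parked = {};
  for (const [key, spec] of Object.entries(pkg.resolutions || {})) {
    if (key.startsWith("x-")) parked[key.slice(2)] = minVersion(spec);
    else active[key] = minVersion(spec);
  }
  return { active, parked };
}

// Report every installed copy that is older than its active pin (the
// resolution did not take effect for that copy) and every parked package
// that is present in the tree (known vulnerable, awaiting an upstream fix).
function audit(pkg, installed) {
  const { active, parked } = parseResolutions(pkg);
  const belowPin = [];
  for (const [name, required] of Object.entries(active)) {
    for (const version of installed[name] || []) {
      if (compareVersions(version, required) < 0) {
        belowPin.push({ name, installed: version, required });
      }
    }
  }
  const awaitingFix = Object.keys(parked).filter((name) => name in installed);
  return { belowPin, awaitingFix };
}

// Stand-alone run over the constructed data.
const result = audit(PACKAGE_JSON, INSTALLED);
for (const r of result.belowPin) {
  console.log(`BELOW PIN: ${r.name}@${r.installed} (resolution requires >= ${r.required})`);
}
for (const name of result.awaitingFix) {
  console.log(`PARKED, NO FIX YET: ${name}`);
}
```

Run it with `node` after replacing the constructed `INSTALLED` map with versions read from the real lockfile; a non-empty `belowPin` list means a resolution is declared but not honoured for some dependent, while `awaitingFix` is the list to re-check each time upstream ships a release.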

@petermetz petermetz force-pushed the fix-cve-bulk-2024-07-09 branch from bb4d42e to 49946c6 Compare July 11, 2024 04:06
@petermetz petermetz merged commit 4253d3f into hyperledger-cacti:main Jul 11, 2024
141 of 146 checks passed
@petermetz petermetz deleted the fix-cve-bulk-2024-07-09 branch July 11, 2024 04:23
3 participants