Skip to content

Commit eb97ffb

Browse files
committed
Fix security vulnerabilities in dev dependencies (#431)
Resolves 13 security vulnerabilities: - 2 critical vulnerabilities in form-data - 6 high vulnerabilities in minimatch and tar - 4 moderate vulnerabilities in ajv, qs, and tough-cookie - 1 low vulnerability Changes: - Upgraded @definitelytyped/utils from 0.0.168 to 0.1.13 - Fixes vulnerabilities in transitive dependencies: form-data, qs, tough-cookie, and tar - Downgraded dtslint from 4.2.0 to 3.4.2 - Required to use the fixed @definitelytyped/utils version - 4.2.x still depends on vulnerable @definitelytyped/utils@0.0.168 - Updated package-lock.json and yarn.lock Verification: - npm audit: 0 vulnerabilities - Build test: passed with node-pre-gyp build - Binary generated: lib/binding/pulsar.node Note: dtslint@3.4.2 is deprecated, see https://aka.ms/type-testing-tools but it is needed until a newer stable version is available that does not depend on vulnerable packages. Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> (cherry picked from commit 579a97b4a64a7e5b7bfada66ad865de708a06534)
1 parent 11afc3a commit eb97ffb

3 files changed

Lines changed: 2043 additions & 1867 deletions

File tree

0 commit comments

Comments
 (0)