Commit eb97ffb
Fix security vulnerabilities in dev dependencies (#431)
Resolves 13 security vulnerabilities:
- 2 critical vulnerabilities in form-data
- 6 high vulnerabilities in minimatch and tar
- 4 moderate vulnerabilities in ajv, qs, and tough-cookie
- 1 low vulnerability
Changes:
- Upgraded @definitelytyped/utils from 0.0.168 to 0.1.13
  - Fixes vulnerabilities in transitive dependencies: form-data, qs,
    tough-cookie, and tar
- Downgraded dtslint from 4.2.0 to 3.4.2
  - Required to use the fixed @definitelytyped/utils version
  - 4.2.x still depends on vulnerable @definitelytyped/utils@0.0.168
- Updated package-lock.json and yarn.lock
Verification:
- npm audit: 0 vulnerabilities
- Build test: passed with node-pre-gyp build
- Binary generated: lib/binding/pulsar.node
Note: dtslint@3.4.2 is deprecated, see https://aka.ms/type-testing-tools
but it is needed until a newer stable version is available that
does not depend on vulnerable packages.
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
(cherry picked from commit 579a97b4a64a7e5b7bfada66ad865de708a06534)
1 parent 11afc3a commit eb97ffb
3 files changed
Lines changed: 2043 additions & 1867 deletions