Skip to content

Commit a2d89a5

Browse files
yogeshchoudhary147yogeshchoudhary147
authored
security: remove unused rollup-plugin-serve (CVE-2020-7684) (#1077)
## Summary - Removes `rollup-plugin-serve` from devDependencies — it was never used in the codebase (`rollup-plugin-dev` serves the same purpose) - Fixes SNYK-JS-ROLLUPPLUGINSERVE-585897 / CVE-2020-7684 (Directory Traversal, CVSS 9.8) - Also removes transitive dependencies `mime@3.0.0` and `opener@1.5.2` which were only pulled in by this package No functional impact.
1 parent bbc3c1a commit a2d89a5

File tree

2 files changed

+0
-30
lines changed

2 files changed

+0
-30
lines changed

package-lock.json

Lines changed: 0 additions & 29 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,6 @@
8282
"rollup-plugin-dev": "^1.1.3",
8383
"rollup-plugin-livereload": "^2.0.5",
8484
"rollup-plugin-peer-deps-external": "^2.2.4",
85-
"rollup-plugin-serve": "^2.0.2",
8685
"rollup-plugin-typescript2": "^0.37.0",
8786
"start-server-and-test": "^2.0",
8887
"ts-jest": "^29.4.0",

0 commit comments

Comments
 (0)