Commit fd20084
build(deps): collapse jquery-mockjax's per-major jquery aliases
jquery-mockjax@3 declares four jquery peer aliases (jquery1, jquery2,
jquery3, jquery4) so it can self-test against every jQuery major. npm
auto-installs all four, dragging old jquery 1.x/2.x copies into
node_modules. Those copies are never loaded by our test suite —
mockjax's main bundle is jQuery-version-agnostic at runtime and just
uses whatever jQuery is globally available — but GitHub Dependabot
flags four open moderate XSS advisories against them.
Add an `overrides` entry that redirects each non-jquery3 alias to our
top-level jquery@^3.7.1, so npm installs one jquery (under three
aliases that all point at it) instead of four versioned jQueries.
Verified: full test suite still green (40/40), `npm audit` now reports
0 vulnerabilities.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>1 parent 5ba4c7f commit fd20084
2 files changed
Lines changed: 14 additions & 11 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
47 | 47 | | |
48 | 48 | | |
49 | 49 | | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
50 | 55 | | |
51 | 56 | | |
52 | 57 | | |
| |||
0 commit comments