Skip to content

Commit 932646a

Browse files
Vinayak Guptameta-codesync[bot]
authored andcommitted
Add resolutions to fix remaining dependency vulnerabilities
Summary: Follow-up to D99691259 (which deleted the stale yarn.lock). Adds resolutions to quick-start/package.json to force safe versions of exact-pinned transitive dependencies, preventing vulnerabilities from reappearing if a new lockfile is generated: - tough-cookie: 2.4.3 → 4.1.3 (pinned by request via ~2.4.3) - form-data: 2.3.3 → 2.5.4 (pinned by request via ~2.3.2) - qs: 6.5.2 → 6.14.1 (pinned by express at exact version) - ajv: 6.7.0 → 6.14.0 (pinned by request → har-validator) Note: request@2.88.2 itself is deprecated with no fix version available. The node/package.json ejs vulnerability is already resolved (^3.1.10). Reviewed By: shreeshyadav Differential Revision: D99724725 fbshipit-source-id: ceedd104b8f4ef7df56016d69f9a6aa19830f556
1 parent 483c75d commit 932646a

1 file changed

Lines changed: 7 additions & 1 deletion

File tree

quick-start/package.json

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,5 +23,11 @@
2323
"keywords": [
2424
"messenger",
2525
"webhook"
26-
]
26+
],
27+
"resolutions": {
28+
"tough-cookie": "4.1.3",
29+
"form-data": "2.5.4",
30+
"qs": "6.14.1",
31+
"ajv": "6.14.0"
32+
}
2733
}

0 commit comments

Comments
 (0)