Commit 932646a
Add resolutions to fix remaining dependency vulnerabilities
Summary:
Follow-up to D99691259 (which deleted the stale yarn.lock).
Adds resolutions to quick-start/package.json to force safe versions of
exact-pinned transitive dependencies, preventing vulnerabilities from
reappearing if a new lockfile is generated:
- tough-cookie: 2.4.3 → 4.1.3 (pinned by request via ~2.4.3)
- form-data: 2.3.3 → 2.5.4 (pinned by request via ~2.3.2)
- qs: 6.5.2 → 6.14.1 (pinned by express at exact version)
- ajv: 6.7.0 → 6.14.0 (pinned by request → har-validator)
Note: request@2.88.2 itself is deprecated with no fix version available.
The node/package.json ejs vulnerability is already resolved (^3.1.10).
Reviewed By: shreeshyadav
Differential Revision: D99724725
fbshipit-source-id: ceedd104b8f4ef7df56016d69f9a6aa19830f5561 parent 483c75d commit 932646a
1 file changed
Lines changed: 7 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
26 | | - | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
27 | 33 | | |
0 commit comments