Skip to content

Commit 644a75c

Browse files
committed
fix: resolve Dependabot security alerts in example lockfiles and bump esbuild
- Regenerate yarn.lock for examples/async-provider and examples/hoc to pull patched transitive dependencies - Add yarn resolutions for node-forge (>=1.4.0) and tmp (>=0.2.6) to override deeply pinned vulnerable versions - Bump esbuild from ^0.24.0 to ^0.25.0 to resolve GHSA-67mh-4wv8-2f99 Resolves 22 of 28 open Dependabot alerts. The remaining 6 alerts (path-to-regexp, uuid, webpack-dev-server) are structurally pinned by react-router-dom v5 and universal-hot-reload's webpack-dev-server v3, which would require major dependency upgrades to fix.
1 parent b5a4c27 commit 644a75c

5 files changed

Lines changed: 5956 additions & 4983 deletions

File tree

examples/async-provider/package.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,6 +60,8 @@
6060
"webpack-serve": "^3.1.1"
6161
},
6262
"resolutions": {
63-
"acorn": "npm:acorn-with-stage3"
63+
"acorn": "npm:acorn-with-stage3",
64+
"node-forge": "^1.4.0",
65+
"tmp": "^0.2.6"
6466
}
6567
}

0 commit comments

Comments
 (0)