Commit 644a75c
committed
fix: resolve Dependabot security alerts in example lockfiles and bump esbuild
- Regenerate yarn.lock for examples/async-provider and examples/hoc to
pull patched transitive dependencies
- Add yarn resolutions for node-forge (>=1.4.0) and tmp (>=0.2.6) to
override deeply pinned vulnerable versions
- Bump esbuild from ^0.24.0 to ^0.25.0 to resolve GHSA-67mh-4wv8-2f99
Resolves 22 of 28 open Dependabot alerts. The remaining 6 alerts
(path-to-regexp, uuid, webpack-dev-server) are structurally pinned by
react-router-dom v5 and universal-hot-reload's webpack-dev-server v3,
which would require major dependency upgrades to fix.1 parent b5a4c27 commit 644a75c
5 files changed
Lines changed: 5956 additions & 4983 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
60 | 60 | | |
61 | 61 | | |
62 | 62 | | |
63 | | - | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
64 | 66 | | |
65 | 67 | | |
0 commit comments