chore: resolve open dependabot security alerts #383
- markdownlint-cli ^0.44.0 -> ^0.48.0 (fixes minimatch, glob, js-yaml v4 alerts 18, 12, 8)
- markdown-link-check ^3.10.2 -> ^3.14.2 (fixes basic-ftp alerts 16 and 22)
- js-yaml 3.14.1 -> 3.14.2 (medium, alert 9; resolves naturally via lockfile refresh)
- lodash.template 4.5.0 -> 4.18.1 (high, alerts 1 and 21; override required, markdown-toc dep chain is frozen)

Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
8044d72 to 71c7e0e
Code Review
This pull request introduces a series of dependency overrides in package.json to enforce specific versions for packages such as basic-ftp, minimatch, and glob, while also updating package-lock.json with corresponding version bumps and added license metadata. A critical issue was identified in the overrides section where lodash.template is set to a non-existent version (^4.18.0), which will cause installation failures; it is recommended to override the base lodash package to ^4.17.21 instead.
This reverts commit 7e3889e.

Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
Summary
- markdown-link-check to ^3.14.2 and markdownlint-cli to ^0.48.0; lodash.template required an npm override since markdown-toc → remarkable@1.7.x → autolinker@0.15.x → gulp-header is a frozen dep chain
- markdownlint-cli@0.48.0 introduced MD060 (table column style); fixed pre-existing violations in appendix-d-observability.md and types.md via prettier