Commit c5d56cc
committed
fix: resolve dependency security vulnerabilities
Upgrade lint-staged from v12 to v15.5.2 and add pnpm overrides to
force patched versions of vulnerable transitive dev dependencies:
- hermes-engine >=0.10.0 (critical, Dependabot #68)
- braces >=3.0.3 (high, Dependabot #70)
- micromatch >=4.0.8 (medium, Dependabot #71)
- http-proxy-agent >=5.0.0 (removes @tootallnate/once, low, Dependabot #72)
The ip SSRF vulnerability (#69) remains unresolved as no patched
version exists and it requires a react-native major version upgrade.1 parent 2b22266 commit c5d56cc
2 files changed
Lines changed: 234 additions & 838 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
50 | 50 | | |
51 | 51 | | |
52 | 52 | | |
53 | | - | |
| 53 | + | |
54 | 54 | | |
55 | 55 | | |
56 | 56 | | |
| |||
94 | 94 | | |
95 | 95 | | |
96 | 96 | | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
| 102 | + | |
| 103 | + | |
| 104 | + | |
97 | 105 | | |
98 | 106 | | |
0 commit comments