Skip to content

Commit c5d56cc

Browse files
committed
fix: resolve dependency security vulnerabilities
Upgrade lint-staged from v12 to v15.5.2 and add pnpm overrides to force patched versions of vulnerable transitive dev dependencies: - hermes-engine >=0.10.0 (critical, Dependabot #68) - braces >=3.0.3 (high, Dependabot #70) - micromatch >=4.0.8 (medium, Dependabot #71) - http-proxy-agent >=5.0.0 (removes @tootallnate/once, low, Dependabot #72) The ip SSRF vulnerability (#69) remains unresolved as no patched version exists and it requires a react-native major version upgrade.
1 parent 2b22266 commit c5d56cc

2 files changed

Lines changed: 234 additions & 838 deletions

File tree

package.json

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@
5050
"enzyme-to-json": "^3.3.1",
5151
"husky": "^9.1.7",
5252
"jest": "^27.3.1",
53-
"lint-staged": "^12.1.1",
53+
"lint-staged": "^15.5.2",
5454
"preact": "^10.0.0-beta.2",
5555
"preact-render-to-json": "^3.6.6",
5656
"pretty-format": "^27.5.1",
@@ -94,5 +94,13 @@
9494
},
9595
"overrides": {
9696
"cheerio": "1.0.0-rc.12"
97+
},
98+
"pnpm": {
99+
"overrides": {
100+
"micromatch": ">=4.0.8",
101+
"braces": ">=3.0.3",
102+
"http-proxy-agent": ">=5.0.0",
103+
"hermes-engine": ">=0.10.0"
104+
}
97105
}
98106
}

0 commit comments

Comments
 (0)