Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update vulnerable dependencies #302

Merged
merged 4 commits into from
Mar 7, 2024
Merged

Update vulnerable dependencies #302

merged 4 commits into from
Mar 7, 2024

Conversation

cdb
Copy link
Contributor

@cdb cdb commented Mar 6, 2024
edited
Loading

Replaces #301

Updates a few packages that were causing security vulnerabilities:

  • Update @babel/traverse from 7.20.12 to 7.24.0
  • Update browserify-sign from 4.2.1 to 4.2.3
  • Update semver from 5.7.1 to 5.7.2, 6.3.0 to 6.3.1, and 7.3.8 to 7.6.0
  • Update word-wrap from 1.2.3 to 1.2.5

There is one more remaining package from npm audit that is forcing a bit more complex update, so I'll do that in a separate PR

@cdb cdb marked this pull request as ready for review March 7, 2024 00:05
@cdb cdb requested a review from a team as a code owner March 7, 2024 00:05
@cdb cdb merged commit 5e20725 into main Mar 7, 2024
2 checks passed
@cdb cdb deleted the cdb/npm-dependencies-one-at-a-time branch March 7, 2024 00:10
@cdb cdb mentioned this pull request Mar 7, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lauraway lauraway lauraway approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cdb @lauraway