Skip to content

Update NPM dependencies to resolve security advisories#11517

Merged
aduth merged 2 commits intomainfrom
aduth-webpack-cross-spawn
Nov 18, 2024
Merged

Update NPM dependencies to resolve security advisories#11517
aduth merged 2 commits intomainfrom
aduth-webpack-cross-spawn

Conversation

@aduth
Copy link
Contributor

@aduth aduth commented Nov 18, 2024
edited
Loading

🛠 Summary of changes

Updates a couple of NPM dependencies to resolve current security advisories.

While we don't directly depend on cross-spawn or path-to-regexp, they are subdependencies of a handful of our direct dependencies.

Process of updating was to remove top-level entries for affected dependencies from yarn.lock and re-run yarn install, effectively installing the latest compatible versions.

📜 Testing Plan

Verify that yarn audit produces no results.

Verify that build passes.

Verify that direct dependencies which depend on these packages are unaffected (ESLint via yarn lint, Webpack via yarn build or make run, msw via yarn test)

aduth added 2 commits November 18, 2024 08:11
@aduth
Update NPM dependencies to resolve security advisories
99fe92e 
changelog: Internal, Dependencies, Update NPM dependencies to resolve security advisories
@aduth
Update msw to latest version
86fde7b 
Resolves last audited security advisory
@aduth aduth merged commit 101128f into main Nov 18, 2024
@aduth aduth deleted the aduth-webpack-cross-spawn branch November 18, 2024 14:54
@aduth aduth mentioned this pull request Nov 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@zachmargolis zachmargolis zachmargolis approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aduth @zachmargolis