Update yarn dependencies to fix moderate JS vulnerabilities#5889
Merged
mitchellhenke merged 2 commits intomainfrom Feb 1, 2022
Merged
Update yarn dependencies to fix moderate JS vulnerabilities#5889mitchellhenke merged 2 commits intomainfrom
mitchellhenke merged 2 commits intomainfrom
Conversation
mitchellhenke
commented
Feb 1, 2022
aduth
reviewed
Feb 1, 2022
Makefile
Outdated
Contributor
There was a problem hiding this comment.
I recall having an in-progress branch somewhere with the SVGO upgrade, and it requires some alternative to the (now-deprecated) flags here, through a config file. Let me see if I can dig that up.
Contributor
Author
There was a problem hiding this comment.
Whoops, I forgot to include what I had for the file! Added it
Contributor
There was a problem hiding this comment.
Whoops, I forgot to include what I had for the file! Added it
Gotcha 👍 Mine included the "default preset" and modified a few of the defaults from there, but if it can be done at the top-level like you have, I think that works better.
module.exports = {
multipass: true,
plugins: [
{
name: 'preset-default',
params: {
overrides: {
minifyStyles: false,
removeViewBox: false,
},
},
},
{
name: 'removeAttrs',
params: {
attrs: 'data-name',
},
},
],
};
mitchellhenke
force-pushed
the
mitchellhenke/yarn-audit
branch
from
26ebbe5 to
05b3350
Compare
mitchellhenke
force-pushed
the
mitchellhenke/yarn-audit
branch
from
05b3350 to
3119966
Compare
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GitHub reminds me daily of our vulnerable JS packages (that are not vulnerabilities in the deployed environment as far as I understand them), so I wanted to fix them.
svgowas the most significant change with a major version upgrade that includes a new configuration format.Yarn Audit Before PR
Yarn Audit After PR