chore: Upgrade fsevents to latest

Open katesaikishore opened this issue 7 months ago • 0 comments

Summary

Upgrade fsevents from the deprecated 1.2.13 to ^2.3.3 in order to eliminate the deprecation and install‐scripts risks flagged by Socket.dev in our dependency tree.

Changes

package.json
- Bumped optionalDependencies.fsevents to ^2.3.3
package-lock.json
- Regenerated lockfile so that all references to [email protected] are removed and [email protected] is frozen
Ran a clean install (rm -rf node_modules package-lock.json && npm install) to verify no v1 artifacts remain

References

SEC ticket: SEC-2161 (Jira link)
Socket.dev alerts:
- [email protected] deprecated
- [email protected] installScripts risk
PSIRT process (Known Malware):
https://oktawiki.atlassian.net/wiki/spaces/REX/pages/3093897297/3rd-Party+Libraries+-+Risk+Reporting+Remediation+Standard#3.1-Known-Malware

Testing

Fresh install & audit

rm -rf node_modules package-lock.json
npm install
npm audit

Screenshot 2025-05-22 at 6 16 15 PM

May 22 '25 12:05 katesaikishore