Dependency vulnerabilities.

Open janzenz opened this issue 6 years ago • 0 comments

I got a notification from GitHub reporting vulnerabilities in the packages: https://github.com/springload/madewithwagtail/network/dependencies

These vulnerabilities seem to occur on transitive dependencies, which can be fixed by specifying the version of these sub-dependencies. There seem to be 2 options to achieve this:

  • Using https://github.com/rogeriochaves/npm-force-resolutions to force the resolution of these sub-dependencies to a specific version.
  • Another option is to use yarn instead of npm, which natively supports this. The first option is actually inspired by this feature in yarn.

janzenz, Oct 09 '18 01:10
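
As an added example (not part of the original issue or the madewithwagtail project): a Node.js script that walks an npm lockfileVersion 1 tree and derives the `resolutions` field that both yarn and npm-force-resolutions read from package.json. All package names, versions and minimum safe versions are constructed placeholders.

```javascript
// Constructed sample data: package names, versions and floors are placeholders.
const packageJson = {
  dependencies: { "example-framework": "^2.0.0" },
  devDependencies: { "example-bundler": "^1.4.0" },
};
const packageLock = { // npm lockfileVersion 1 layout
  dependencies: {
    "example-framework": { version: "2.1.0",
      dependencies: { "example-parser": { version: "1.0.3" } } },
    "example-bundler": { version: "1.4.2" },
    "example-parser": { version: "1.2.0" },
    "example-merge": { version: "0.9.1" },
  },
};
// Lowest fixed version per package, as an advisory would state it (constructed).
const minimumSafe = {
  "example-parser": "1.2.0", "example-merge": "1.0.0", "example-bundler": "1.5.0",
};

// Compare plain x.y.z versions; negative when a < b.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Walk the lock tree, nested copies included, and report every package below
// its floor. Transitive ones go into `resolutions`; direct ones need a bump
// in package.json itself.
function findResolutions(pkg, lock, floors) {
  const direct = new Set(Object.keys({ ...pkg.dependencies, ...pkg.devDependencies }));
  const resolutions = {}, findings = [];
  (function walk(deps, path) {
    for (const [name, entry] of Object.entries(deps || {})) {
      const isDirect = path.length === 0 && direct.has(name);
      if (floors[name] && compareVersions(entry.version, floors[name]) < 0) {
        findings.push({ path: [...path, name].join(" > "), installed: entry.version, isDirect });
        if (!isDirect) resolutions[name] = floors[name];
      }
      walk(entry.dependencies, [...path, name]);
    }
  })(lock.dependencies, []);
  return { resolutions, findings };
}

const report = findResolutions(packageJson, packageLock, minimumSafe);
console.log(JSON.stringify({ resolutions: report.resolutions }, null, 2));
```

A forced version that crosses a major release can break the parent package that requested the older one, so the `findings` paths show which parents to retest after pinning.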