sidorares/node-mysql2#2540: This thread shows that the project authors don't see any breaking changes when going from v2 to v3, with the exception of node v16 now being a requirement.
The vulnerability isn't actually with pg-hstore, but with a dependency (underscore) that pg-hstore uses. No major breaking changes between the two versions 2.3.3 -> 2.3.4, so that should be a quick win.
The vulnerability isn't actually with jest-image-snapshot, but with a dependency (mkdirp) that jest-image-snapshot uses. The dependency was removed in v6.1.1 of jest-image-snapshot. No major breaking changes between the two versions v4 -> v6, with the exception of dropping node support for v10, v12, and v17.
Hi there,
This issue is to raise awareness on a couple of critical vulnerabilities being identified by yarn audit in a few outdated dependencies, with the hopes to work together on addressing them.

I've included information below on the dependencies at issue, the versions where they get patched, and if there are any additional notes on the dependencies or vulnerabilities. I'll also set up a PR as well.
^3.22.0
5.5.4
8.1.6
^2.1.0
>=3.9.7
3.10.2
^2.3.3
2.3.4
2.3.4
^4.5.1
6.1.1
6.4.0
^0.4.0
0.4.0
yarn audit output (partial)
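
Added example (not part of the original issue or the project's code): since two of the findings above sit in transitive packages (underscore via pg-hstore, mkdirp via jest-image-snapshot), this groups Yarn v1 `yarn audit --json` advisories by the direct dependency that has to be bumped. It assumes a non-workspace project, where the first segment of `resolution.path` is the package.json entry; the sample lines, severities and `example-*` packages are constructed.

```javascript
// Added example: group Yarn v1 `yarn audit --json` advisories by the direct
// dependency that pulls in the vulnerable package.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample lines (not this project's real audit output). Severities,
// titles and the `example-*` packages are made up for illustration.
const advisory = (path, module_name, severity) => JSON.stringify({
  type: 'auditAdvisory',
  data: { resolution: { path }, advisory: { module_name, severity, title: 'constructed' } },
});
const SAMPLE_AUDIT_NDJSON = [
  advisory('mysql2', 'mysql2', 'critical'),
  advisory('pg-hstore>underscore', 'underscore', 'critical'),
  advisory('jest-image-snapshot>mkdirp', 'mkdirp', 'critical'),
  advisory('jest-image-snapshot>mkdirp', 'mkdirp', 'critical'), // repeated path
  advisory('example-direct>example-lib', 'example-lib', 'moderate'),
  '{"type":"auditAdvisory","data":', // truncated line, must be skipped
  JSON.stringify({ type: 'auditSummary', data: {} }),
].join('\n');

function groupByDirectDependency(ndjson, minSeverity = 'critical') {
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  const groups = new Map();
  for (const line of ndjson.split('\n')) {
    let record;
    try { record = JSON.parse(line); } catch { continue; } // tolerate bad lines
    if (!record || record.type !== 'auditAdvisory' || !record.data) continue;
    const { resolution = {}, advisory: adv = {} } = record.data;
    const rank = SEVERITY_RANK[adv.severity];
    if (rank === undefined || rank < threshold || !adv.module_name) continue;
    const path = String(resolution.path || adv.module_name);
    const direct = path.split('>')[0]; // first hop is the package.json entry
    const entry = groups.get(direct) || { modules: new Set(), paths: new Set() };
    entry.modules.add(adv.module_name);
    entry.paths.add(path);
    groups.set(direct, entry);
  }
  return [...groups.entries()]
    .map(([direct, e]) => ({
      direct,
      vulnerableModules: [...e.modules].sort(),
      paths: [...e.paths].sort(),
      // true when the flagged code lives only in dependencies of `direct`
      transitiveOnly: !e.modules.has(direct),
    }))
    .sort((a, b) => (a.direct < b.direct ? -1 : a.direct > b.direct ? 1 : 0));
}

console.log(JSON.stringify(groupByDirectDependency(SAMPLE_AUDIT_NDJSON), null, 2));
```

Entries with `transitiveOnly: true` are the ones where upgrading the direct dependency, rather than the flagged package itself, is the fix to look for.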