
Fixes #1562: fixes version of trim-newlines

trim-newlines is a transitive dependency which is present in a
dependency tree through imagemin-webp and node-sass.

The version of trim-newlines which is referenced by those packages has a
security advisory: https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042

Neither imagemin-webp nor node-sass has a version which depends on a
patched version of trim-newlines. And at least node-sass is not
maintained any longer.

Under the current circumstances the only way to fix this is to force
the trim-newlines version via "resolutions". As the interface of the
package is backward compatible and does not break anything, I believe it
is the right thing to do.
main
Ivan Volzhev 3 years ago
committed by Eric Amodio
commit c5428ed6c9
1 changed files with 3 additions and 0 deletions

package.json

@ -9742,5 +9742,8 @@
"webpack": "5.41.1",
"webpack-bundle-analyzer": "4.4.2",
"webpack-cli": "4.2.0"
},
"resolutions": {
"trim-newlines": "4.0.2"
}
}
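
Review bot: the new `"resolutions"` entry pins `trim-newlines` to `4.0.2` for every consumer in the tree, and nothing in the hunk records why the pin exists or which parents it is meant to cover. package.json cannot carry comments, so the advisory link and the two affected parents (imagemin-webp, node-sass) should be recorded somewhere maintainers will see them, and path-scoped keys such as `"imagemin-webp/**/trim-newlines"` would keep the override from silently applying to unrelated packages later. Also, `resolutions` is honored by Yarn and ignored by npm, and this commit changes package.json alone, so if a lockfile is committed it needs regenerating in the same change for the pinned version to actually be what gets installed.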
