Fixes #1562: fixes version of trim-newlines

trim-newlines is a transitive dependency which is present in a
dependency tree through imagemin-webp and node-sass.

Version of trim-newlines which is referenced by those packages has a
security advisory https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042

Neither imagemin-webp nor node-sass have version which depend on patched
version of trim-newlines. And at least node-sass is not maintained any
longer.

Under current circumstances the only way to fix this is to force
trim-newlines version via "resolutions". As interface of the package is
backward compatible and does not break anything I believe it is a right
thing to do.
main
Ivan Volzhev, 3 years ago
committed by Eric Amodio
Parent
Current commit
c5428ed6c9
1 file changed, 3 insertions and 0 deletions
package.json (+3, -0)

@ -9742,5 +9742,8 @@
"webpack": "5.41.1",
"webpack-bundle-analyzer": "4.4.2",
"webpack-cli": "4.2.0"
},
"resolutions": {
"trim-newlines": "4.0.2"
}
}
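
Review bot: the `"trim-newlines": "4.0.2"` pin in the new `"resolutions"` block is forced onto every package in the tree that requires trim-newlines, whatever range it declares, and this commit changes only package.json, so the lockfile should be regenerated and committed together with it so that locked installs actually pick up 4.0.2. `"resolutions"` is honoured by Yarn and ignored by a plain npm install, so confirm that every build and CI path installs with Yarn. JSON cannot carry a comment, so record the advisory link and the reason for the override somewhere durable (a tracking issue or the contributing notes) and drop the entry once imagemin-webp and node-sass no longer pull in the affected version.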
