fix: package.json & yarn.lock to reduce vulnerabilities

Rudloff / openvegemap

Find vegetarian and vegan restaurants in your city

https://openvegemap.netlib.re/

GNU General Public License v3.0

72 stars 9 forks source link

fix: package.json & yarn.lock to reduce vulnerabilities #98

Closed KristjanESPERANTO closed 3 years ago

KristjanESPERANTO commented 3 years ago

The following vulnerabilities are fixed with an upgrade:

Rudloff commented 3 years ago

The css-loader update seems to break the style:

KristjanESPERANTO commented 3 years ago

That's strange. I am withdrawing the version increase for "CSS Loader", so that you can apply the other changes.

But at some point we should take a closer look at it.

Rudloff commented 3 years ago

OK then, if this does not contain breaking changes anymore, it can go on master.

Rudloff commented 3 years ago

Wait, I think having handlebars in the direct dependencies is a mistake. 0e3f44c874598bb3e75d257e557cece2a2aa7daa added it but we don't use it directly. (Also, it seems we don't even need it anymore since 0ac26c6cfb8590e844a1f58d1472c2b99ce0f529.)

I removed it in 29d7d7b46e41aed66acc247718f092b425ec5ac3.