There are some dependabot reported security issues that may or may not be reported by `npm audit`.
Review these and see if it is possible to safely update these.
These may require using `overrides`.
If that is the case, be sure to perform extra checks for regressions.
Such cases would be, for example, `minimatch`, where some dependencies need a 5.x version of `minimatch` but the override is set to `^3.0.0`.
Cursory investigation shows that patterns like `"minimatch": ">=3.1.2"` or `"minimatch": "^3.1.2 || >=3.1.2"` result in always using a 5.x version, and patterns like `"minimatch": "^3.1.2"` result in always using a 3.x version.
When there are dependencies requiring different versions, there does not seem to be a way to allow 3.1.2 to match for the 3.x version and 5.1.1 to match for the 5.x version.