abcnews / aunty

A toolkit for working with ABC News projects
https://www.npmjs.com/package/@abcnews/aunty
MIT License

Fix yaml vulnerability caught by npm #202

Open phocks opened 1 year ago

phocks commented 1 year ago

Fixes:

```
# npm audit report

yaml  <2.2.2
Severity: moderate
Uncaught Exception in yaml - https://github.com/advisories/GHSA-f9xv-q969-pqx4
fix available via `npm audit fix --force`
Will install fork-ts-checker-webpack-plugin@4.1.6, which is a breaking change
node_modules/yaml
  cosmiconfig  6.0.0 - 7.1.0
  Depends on vulnerable versions of yaml
  node_modules/cosmiconfig
    fork-ts-checker-webpack-plugin  >=5.0.0-alpha.1
    Depends on vulnerable versions of cosmiconfig
    node_modules/fork-ts-checker-webpack-plugin
```

Tested TypeScript build locally with updated fork-ts-checker-webpack-plugin and it still works.

https://github.com/TypeStrong/fork-ts-checker-webpack-plugin