allenai / pdf-component-library


Update dependencies & pin versions #10

Closed mjlangan closed 3 years ago

mjlangan commented 3 years ago

This just goes through our dependencies and updates them to the latest versions that work with webpack 4 (some of these have newer releases available, but that requires upgrading to webpack 5). We can consider moving to webpack 5 on our own or wait for ReViz to tackle https://github.com/allenai/skiff-template/issues/202 and mirror their changes here.

Also, all versions are now pinned to specific releases. This mainly avoids the risk of pulling down a compromised patch release of a direct dependency.

I replaced the old module resolutions with just one that we need now: glob-parent has a vulnerability in versions prior to 5.1.2 (see dependabot). It could cause issues because our dependencies want 3.1.0 and we're now providing a much newer version, but things seem to work fine...
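
Added example, not part of the original pull request or the project's code: a small Node.js check that a manifest pins every direct dependency to an exact version and that the `glob-parent` resolution is at or above the fixed release 5.1.2 named above. The sample manifest is constructed, the function names are hypothetical, and the resolution key is assumed to be the bare package name.

```javascript
// Constructed sample manifest (not the project's real package.json).
const samplePackageJson = {
  dependencies: { react: "17.0.2", classnames: "^2.3.1" },
  devDependencies: { webpack: "4.46.0", "css-loader": "~5.2.6", typescript: "latest" },
  resolutions: { "glob-parent": "5.1.2" },
};

// An exact pin is a bare x.y.z version (optionally with a prerelease tag):
// no ^, ~, comparison ranges, dist-tags or wildcards.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

// Return every direct dependency whose spec is not an exact version.
function findUnpinned(pkg) {
  const out = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT.test(spec)) out.push({ section, name, spec });
    }
  }
  return out;
}

// Compare two exact versions; returns -1, 0 or 1.
// With equal x.y.z, a prerelease sorts below the plain release.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  const aPre = a.includes("-"), bPre = b.includes("-");
  return aPre === bPre ? 0 : aPre ? -1 : 1;
}

// A forced resolution must exist, be an exact pin, and not be below the fixed version.
function checkResolution(pkg, name, minFixed) {
  const spec = (pkg.resolutions || {})[name];
  if (!spec) return { ok: false, reason: "missing" };
  if (!EXACT.test(spec)) return { ok: false, reason: "not pinned" };
  if (compareVersions(spec, minFixed) < 0) return { ok: false, reason: "below fixed version" };
  return { ok: true, reason: "ok" };
}

console.log(findUnpinned(samplePackageJson));
console.log(checkResolution(samplePackageJson, "glob-parent", "5.1.2"));
```

Exact pins in the manifest cover direct dependencies only; transitive versions are fixed by the lockfile and by resolutions such as the one checked here.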