codymikol / karma-webpack

Karma webpack Middleware
MIT License
829 stars 220 forks

fix: update dependencies #547

Closed behei-vonage closed 9 months ago

behei-vonage commented 1 year ago

Some dependencies and nested dependencies of karma-webpack are high security vulnerabilities. This PR updates those dependencies.

CVE-2022-3517 - fix is to upgrade to minimatch-3.0.5. (more info here)

CVE-2021-23337 - fix is to upgrade lodash to 4.17.21 (more info here)

This PR contains a:

Motivation / Use-Case

The motivation is to make the package less vulnerable.

Breaking Changes

No breaking changes. npm test passes locally.

Additional Info

codymikol commented 9 months ago

Hey, thanks for your contributions! Up until recently I was unable to make updates to this project; minimatch is up to v8 now, and I am working on resolving all auditing issues for a v6 release. Thank you for your help!