fullstorydev / fullstory-babel-plugin-annotate-react

A Babel plugin that annotates React components, making them easier to target with FullStory search
MIT License

override semver7 dependencies in root package #136

Closed GGonryun closed 1 year ago

GGonryun commented 1 year ago

This updates our Jest to a newer version and sets an override for semver because dependent packages haven't updated their versions of semver. Jest is dependent on an invalid version of semver, and we can't update Jest because even the latest version has this vulnerability.

Babel devs are currently working on a solution, but a possible workaround was identified: https://github.com/babel/babel/issues/15720#issuecomment-1608382204


There's a feature in Node 16+ called `overrides` that lets our package define new versions for package dependencies that might be deeply nested. While testing the new `overrides` property, I realized that there's some discrepancy in the node package manager versions. We typically have Node 16 installed, but our CI/CD uses Node 12 to build and test our package. Additionally, our package-lock.json is saved using Node 16+.

There shouldn't be problems when installing and compiling using an older version of node.
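
One way to confirm that an override like the one described above reached every nested copy of semver, as an added example that is not part of the pull request or the project's code. It assumes a lockfile with a `packages` map (lockfileVersion 2 or 3); the function names, the sample lockfile and the minimum version are all constructed for illustration.

```javascript
// Added example: list every installed copy of a package in a package-lock.json
// whose resolved version is below a required minimum.

// Parse "major.minor.patch", ignoring any prerelease or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(version, minimum) {
  const a = parseVersion(version);
  const b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // equal versions satisfy the minimum
}

// Match "node_modules/<name>" at the top level or nested under any dependency.
function findStaleCopies(lock, name, minimum) {
  if (!lock.packages) {
    throw new Error("lockfile has no 'packages' map (lockfileVersion 1)");
  }
  const top = `node_modules/${name}`;
  return Object.entries(lock.packages)
    .filter(([path]) => path === top || path.endsWith(`/${top}`))
    .filter(([, meta]) => meta.version && isBelow(meta.version, minimum))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample data; a real run would load ./package-lock.json instead.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "example-root", version: "1.0.0" },
    "node_modules/semver": { version: "7.5.4" },
    "node_modules/jest-snapshot/node_modules/semver": { version: "6.3.0" },
    "node_modules/@babel/core/node_modules/semver": { version: "7.3.8" },
    "node_modules/semver-compare": { version: "1.0.0" },
  },
};
const CONSTRUCTED_MINIMUM = "7.4.0"; // demo threshold, not the patched release

const stale = findStaleCopies(sampleLock, "semver", CONSTRUCTED_MINIMUM);
for (const { path, version } of stale) {
  console.log(`${path} resolves to ${version}, below ${CONSTRUCTED_MINIMUM}`);
}
```

An empty result means every copy in the lockfile meets the minimum; a lockfile without a `packages` map is rejected instead of being reported as clean.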