iTwin / viewer

Monorepo that contains the iTwin Viewer npm packages and their related packages
MIT License

mitigate ws and braces vulnerabilities #320

Open ben-polinsky opened 1 month ago

ben-polinsky commented 1 month ago

Mitigates GHSA-3h5v-q93c-6h6q, GHSA-grv7-fg5c-xmjg

Unfortunately, pnpm global overrides seems to be the only way to go for braces which is a deep transient dependency off react-scripts.
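For readers unfamiliar with the mechanism the comment refers to: in a Rush-managed pnpm monorepo, a global override is declared in `common/config/rush/pnpm-config.json` and forces every occurrence of the named package in the lockfile, however deep it sits under `react-scripts`, to resolve to the pinned range. The snippet below is an added illustration, not the project's own change; the file path assumes the standard Rush layout and the version ranges are placeholders to be replaced with the patched versions listed in the two advisories.

```json
{
  "$schema": "https://developer.microsoft.com/json-schemas/rush/v5/pnpm-config.schema.json",
  "globalOverrides": {
    "braces": ">=<patched version from GHSA-grv7-fg5c-xmjg>",
    "ws": ">=<patched version from GHSA-3h5v-q93c-6h6q>"
  }
}
```

After editing the file, `rush update --full` regenerates the lockfile; `pnpm why braces` run from a project folder (or inspecting `common/config/rush/pnpm-lock.yaml`) confirms that no remaining path resolves to a version below the override, which is the check the audit is ultimately looking for.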

ben-polinsky commented 1 month ago

rush update --full didn't work?

Nope couldn't get braces updated...

aruniverse commented 1 month ago

rush update --full didn't work?

Nope couldn't get braces updated...

Do we still need to add the ws dep in the test apps?

ben-polinsky commented 1 month ago

rush update --full didn't work?

Nope couldn't get braces updated...

Do we still need to add the ws dep in the test apps?

nope - makes sense

ben-polinsky commented 1 month ago

@jasdom since I am running into issues which cross over into #319, maybe you can pick my changes here relating to the failed audit I was attempting to resolve

jasdom commented 1 month ago

@jasdom since I am running into issues which cross over into #319, maybe you can pick my changes here relating to the failed audit I was attempting to resolve

Sure, I was working on these exact changes to resolve the vulnerabilities myself so I will include them in my PR.