All prod vulnerabilities are fixed in this PR. Details:
eslint is moved to devDependencies, thus ignored by prod vulnerability check. It is not upgraded.
Forced react-code-blocks to depend on a later version of react-syntax-highlighter by adding overrides in package.json.
For the rest, the vulnerability is fixed by simply upgrading the package to the latest version.
Note:
react-code-blocks and firebase depend on vulnerable library versions, and there are no updates available. Thus, we will use overrides as a temporary solution. However, this is generally not considered a good practice according to ChatGPT (see below). We should update the packages and remove the overrides once these packages are updated.
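An added example, not part of the PR: a Node.js check that compares the `overrides` in package.json with the installed versions in package-lock.json, flagging copies still below the override and overrides whose parent is gone. All version numbers and the names `left-over-parent` and `some-lib` are constructed, and ranges are reduced to a minimum version rather than evaluated as full semver.

```javascript
// Constructed sample data; versions are placeholders, not the PR's real values.
const pkg = {
  overrides: {
    "react-code-blocks": { "react-syntax-highlighter": "^2.0.0" },
    "left-over-parent": { "some-lib": "^3.0.0" }, // hypothetical stale entry
  },
};
const lock = { // shaped like the "packages" map of package-lock.json (lockfileVersion 2/3)
  packages: {
    "node_modules/react-code-blocks": { version: "1.0.0" },
    "node_modules/react-syntax-highlighter": { version: "2.1.0" },
    "node_modules/react-code-blocks/node_modules/react-syntax-highlighter": { version: "1.4.0" },
  },
};

// Flatten nested npm "overrides" into { parent, name, range } entries.
function flattenOverrides(overrides, parent = null) {
  const out = [];
  for (const [key, value] of Object.entries(overrides || {})) {
    const at = key.lastIndexOf("@"); // strip "pkg@spec" selectors, keep "@scope/pkg"
    const name = at > 0 ? key.slice(0, at) : key;
    if (typeof value === "string") out.push({ parent, name, range: value });
    else out.push(...flattenOverrides(value, name));
  }
  return out;
}

// Simplification: "^x.y.z", "~x.y.z", ">=x.y.z" and "x.y.z" are read as a minimum version.
const MIN = /^(?:\^|~|>=)?\s*(\d+)\.(\d+)\.(\d+)$/;
const parse = (v) => { const m = MIN.exec(v); return m ? m.slice(1).map(Number) : null; };
const lt = (a, b) => { for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i]; return false; };

function checkOverrides(pkg, lock) {
  const findings = [];
  const paths = Object.keys(lock.packages || {});
  for (const { parent, name, range } of flattenOverrides(pkg.overrides)) {
    const min = parse(range);
    if (!min) { findings.push({ name, issue: "range-not-checked", range }); continue; }
    if (parent && !paths.some((p) => p.endsWith("node_modules/" + parent))) {
      findings.push({ name, issue: "parent-not-installed", parent }); // override has no effect
      continue;
    }
    // Conservative: inspect every installed copy, hoisted or nested.
    for (const p of paths.filter((q) => q.endsWith("node_modules/" + name))) {
      const version = lock.packages[p].version, got = parse(version);
      if (!got || lt(got, min)) findings.push({ name, issue: "below-override", path: p, version });
    }
  }
  return findings;
}
console.log(checkOverrides(pkg, lock));
```

A `below-override` finding usually means the lock file was not regenerated after the override was added; a `parent-not-installed` finding marks an override that can be deleted.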