Open janzenz opened 5 years ago
I got a notification from Github reporting vulnerabilities in the packages: https://github.com/springload/madewithwagtail/network/dependencies
These vulnerabilities seems to occur on transitive dependencies, which can be fixed by specifying the version of these sub-dependencies. There seem to be 2 options to achieve this:
yarn
npm
I got a notification from Github reporting vulnerabilities in the packages: https://github.com/springload/madewithwagtail/network/dependencies
These vulnerabilities seems to occur on transitive dependencies, which can be fixed by specifying the version of these sub-dependencies. There seem to be 2 options to achieve this:
yarninstead ofnpmwhich natively supports this. The first option is actually inspired by this feature inyarn.