This allows us to restrict the version of transitive dependencies which is not achievable by plain npm. Hence, to give an example we're restricting the version of lodash in here which fixes the critical vulnerability and for the future npm vulnerabilities as well.
PS. This upgrade has inadvertently fix the other vulnerabilities as well.
This allows us to restrict the version of transitive dependencies which is not achievable by plain npm. Hence, to give an example we're restricting the version of
lodash
in here which fixes thecritical vulnerability
and for the future npm vulnerabilities as well.PS. This upgrade has inadvertently fix the other vulnerabilities as well.