Closed Kocal closed 2 months ago
We have some vulnerability alerts raised by Dependabot https://github.com/symfony/webpack-encore/security/dependabot?q=is%3Aopen+manifest%3Ayarn.lock
The PR won't impact the end users, they probably already updated the dependencies themselves, it's only some maintenance... :)
The following dependencies are updated to their patched version:
braces
webpack-dev-middleware
express
follow-redirects
The following dependencies are not updated, as it requires major updates that can break user-land:
ws
webpack-dev-server
@adobe/css-tools
stylus
tough-cookie
request
zombie
vue-template-compiler
We have some vulnerability alerts raised by Dependabot https://github.com/symfony/webpack-encore/security/dependabot?q=is%3Aopen+manifest%3Ayarn.lock
The PR won't impact the end users, they probably already updated the dependencies themselves, it's only some maintenance... :)
The following dependencies are updated to their patched version:
braceswebpack-dev-middlewareexpressfollow-redirectsThe following dependencies are not updated, as it requires major updates that can break user-land:
ws, used bywebpack-dev-server(need one major update)@adobe/css-tools, used bystylus(needs three major updates)tough-cookieandrequest, used by the archived packagezombie, there are no new releases, so we must find a replacmentvue-template-compiler, we must drop Vue 2 support before