Some of our dependencies depend on insecure versions of kind-of (CVE-2019-20149) and minimify (CVE-2020-7598). While we do not depend on these directly, some of our dependencies are pinned to versions that do.
This PR upgrades all related dependencies to their latest version, which also necessitates a base image upgrade from carbon-apline to lts-alpine (which was long overdue).
Some of our dependencies depend on insecure versions of
kind-of(CVE-2019-20149) andminimify(CVE-2020-7598). While we do not depend on these directly, some of our dependencies are pinned to versions that do.This PR upgrades all related dependencies to their latest version, which also necessitates a base image upgrade from
carbon-aplinetolts-alpine(which was long overdue).