fix: patch 8 of 9 npm vulnerabilities via pnpm.overrides
Move vulnerability overrides from npm-format top-level `overrides` to pnpm-format `pnpm.overrides`. Add flatted override to patch the high-severity prototype pollution CVE. All 5 high + 3 moderate severity issues are now resolved. Remaining: elliptic (low, no patch available upstream). Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Gandalf the Greybeard
+6
-3
@@ -30,9 +30,12 @@
|
||||
"react": "^18.0.0",
|
||||
"react-dom": "^18.0.0"
|
||||
},
|
||||
"overrides": {
|
||||
"tar": "^7.5.11",
|
||||
"undici": "^7.24.3"
|
||||
"pnpm": {
|
||||
"overrides": {
|
||||
"tar": "^7.5.11",
|
||||
"undici": "^7.24.3",
|
||||
"flatted": "^3.4.2"
|
||||
}
|
||||
},
|
||||
"devDependencies": {
|
||||
"@kinvolk/headlamp-plugin": "^0.13.0",
|
||||
|
||||
Reference in New Issue
Block a user