Skip to content

Update several sub dependencies to mitigate vulnerabilities

Lukas Eipert requested to merge leipert-update-dev-dependencies into master

What does this MR do and why?

All these dependencies are dev dependencies:

  • Update dset dependency to mitigate vulnerability

    See #368760 (closed)

  • Update terser dependency

    See #368754 (closed)

  • Update vulnerable sub dependency undici

  • Update vulnerable sub dependency json-schema

  • Update vulnerable sub-dependency ansi-regex

  • Update vulnerable sub dependency tmpl

  • Update nodemon dependency

    This takes care of the vulnerable sub-dependencies got, undefsafe, normalize-url.

  • Update vulnerable sub dependency y18n

  • Update vulnerable sub dependency ssri

  • Update vulnerable sub dependency css-what

  • Update vulnerable sub dependency hosted-git-info

  • Update vulnerable optional dependency node-notifier

Screenshots or screen recordings

N/A

How to set up and validate locally

N/A

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Lukas Eipert

Merge request reports