Skip to content

Commit

Permalink
Address dependabot alerts
Browse files Browse the repository at this point in the history 
For posterity, these are the reasons each of these resolutions was
added. They should all work fine; semver is a little concerning becuase
deps are depending on two different major versions there, but we can
only have a single resolution, but according to the changelog the only
breaking change was dropping support for older versions of node.

1. @babel/traverse: GHSA-67hx-6x53-jw92
  ```
  yarn why v1.22.19
  [1/4] 🤔  Why do we have the module "@babel/traverse"...?
  [2/4] 🚚  Initialising dependency graph...
  [3/4] 🔍  Finding dependency...
  [4/4] 🚡  Calculating file sizes...
  => Found "@babel/[email protected]"
  info Has been hoisted to "@babel/traverse"
  info Reasons this module exists
     - Hoisted from "@Docusaurus#core#@babel#traverse"
     - Hoisted from "@Docusaurus#core#@Docusaurus#mdx-loader#@babel#traverse"
     - Hoisted from "@Docusaurus#core#@babel#core#@babel#traverse"
     - Hoisted from "@Docusaurus#core#@babel#core#@babel#helpers#@babel#traverse"
  => Found "@svgr/webpack#@babel/[email protected]"
  info Reasons this module exists
     - "@Docusaurus#core#@svgr#webpack#@babel#preset-typescript#@babel#plugin-transform-typescript#@babel#helper-create-class-features-plugin#@babel#helper-replace-supers" depends on it
     - Hoisted from "@Docusaurus#core#@svgr#webpack#@babel#preset-typescript#@babel#plugin-transform-typescript#@babel#helper-create-class-features-plugin#@babel#helper-replace-supers#@babel#traverse"
  ```
2. follow-redirects: GHSA-jchw-25xp-jwwc
  ```
  yarn why v1.22.19
  [1/4] 🤔  Why do we have the module "follow-redirects"...?
  [2/4] 🚚  Initialising dependency graph...
  [3/4] 🔍  Finding dependency...
  [4/4] 🚡  Calculating file sizes...
  => Found "[email protected]"
  info Reasons this module exists
     - "@Docusaurus#core#webpack-dev-server#http-proxy-middleware#http-proxy" depends on it
     - Hoisted from "@Docusaurus#core#webpack-dev-server#http-proxy-middleware#http-proxy#follow-redirects"
  ✨  Done in 0.23s.
  ```
3. semver: GHSA-c2qf-rxjj-qqgw
  ```
  yarn why v1.22.19
  [1/4] 🤔  Why do we have the module "semver"...?
  [2/4] 🚚  Initialising dependency graph...
  [3/4] 🔍  Finding dependency...
  [4/4] 🚡  Calculating file sizes...
  => Found "[email protected]"
  info Has been hoisted to "semver"
  info Reasons this module exists
     - Hoisted from "@babel#helper-create-class-features-plugin#semver"
     - Hoisted from "@babel#helper-create-regexp-features-plugin#semver"
     - Hoisted from "@Docusaurus#core#@babel#core#semver"
     - Hoisted from "@Docusaurus#core#@babel#plugin-transform-runtime#semver"
     - Hoisted from "@Docusaurus#core#@babel#preset-env#semver"
     - Hoisted from "@Docusaurus#core#@babel#core#@babel#helper-compilation-targets#semver"
     - Hoisted from "@Docusaurus#core#@babel#plugin-transform-runtime#babel-plugin-polyfill-corejs2#semver"
  => Found "@docusaurus/core#[email protected]"
  info This module exists because "@Docusaurus#core" depends on it.
  => Found "update-notifier#[email protected]"
  info This module exists because "@Docusaurus#core#update-notifier" depends on it.
  => Found "css-loader#[email protected]"
  info This module exists because "@Docusaurus#core#css-loader" depends on it.
  => Found "postcss-loader#[email protected]"
  info This module exists because "@Docusaurus#core#postcss-loader" depends on it.
  => Found "fork-ts-checker-webpack-plugin#[email protected]"
  info This module exists because "@Docusaurus#core#react-dev-utils#fork-ts-checker-webpack-plugin" depends on it.
  => Found "semver-diff#[email protected]"
  info This module exists because "@Docusaurus#core#update-notifier#semver-diff" depends on it.
  => Found "package-json#[email protected]"
  info This module exists because "@Docusaurus#core#update-notifier#latest-version#package-json" depends on it.
  ✨  Done in 0.24s.
  ```
  • Loading branch information
@lindboe
lindboe committed Feb 16, 2024
1 parent b48228a commit c4abe07
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 67 deletions.
5 changes: 4 additions & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,10 @@
"typescript": "~5.2.2"
},
"resolutions": {
"@types/react": "^18.2.55"
"@types/react": "^18.2.55",
"@babel/traverse": "^7.23.2",
"follow-redirects": "^1.15.4",
"semver": "7.5.2"
},
"browserslist": {
"production": [
Expand Down
83 changes: 17 additions & 66 deletions yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -334,15 +334,6 @@
json5 "^2.2.3"
semver "^6.3.1"

"@babel/generator@^7.18.10":
version "7.18.12"
resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.18.12.tgz#fa58daa303757bd6f5e4bbca91b342040463d9f4"
integrity sha512-dfQ8ebCN98SvyL7IxNMCUtZQSq5R7kxgN+r8qYTGDmmSion1hX2C0zq2yo1bsCDhXixokv1SAWTZUMYbO/V5zg==
dependencies:
"@babel/types" "^7.18.10"
"@jridgewell/gen-mapping" "^0.3.2"
jsesc "^2.5.1"

"@babel/generator@^7.23.3", "@babel/generator@^7.23.6":
version "7.23.6"
resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.23.6.tgz#9e1fca4811c77a10580d17d26b57b036133f3c2e"
Expand Down Expand Up @@ -467,13 +458,6 @@
"@babel/template" "^7.22.15"
"@babel/types" "^7.23.0"

"@babel/helper-hoist-variables@^7.18.6":
version "7.18.6"
resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.18.6.tgz#d4d2c8fb4baeaa5c68b99cc8245c56554f926678"
integrity sha512-UlJQPkFqFULIcyW5sbzgbkxn2FKRgwWiRexcuaR8RNJRy8+LLveqPjwZV/bwrLZCN0eUHD/x8D0heK1ozuoo6Q==
dependencies:
"@babel/types" "^7.18.6"

"@babel/helper-hoist-variables@^7.22.5":
version "7.22.5"
resolved "https://registry.yarnpkg.com/@babel/helper-hoist-variables/-/helper-hoist-variables-7.22.5.tgz#c01a007dac05c085914e8fb652b339db50d823bb"
Expand Down Expand Up @@ -667,7 +651,7 @@
chalk "^2.4.2"
js-tokens "^4.0.0"

"@babel/parser@^7.18.10", "@babel/parser@^7.18.11":
"@babel/parser@^7.18.10":
version "7.18.11"
resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.18.11.tgz#68bb07ab3d380affa9a3f96728df07969645d2d9"
integrity sha512-9JKn5vN+hDt0Hdqn1PiJ2guflwP+B6Ga8qbDuoF0PzzVhrzsKIJo8yGqVk6CmMHiMei9w1C1Bp9IMJSIK+HPIQ==
Expand Down Expand Up @@ -1537,23 +1521,7 @@
"@babel/parser" "^7.23.9"
"@babel/types" "^7.23.9"

"@babel/traverse@^7.18.9":
version "7.18.11"
resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.18.11.tgz#3d51f2afbd83ecf9912bcbb5c4d94e3d2ddaa16f"
integrity sha512-TG9PiM2R/cWCAy6BPJKeHzNbu4lPzOSZpeMfeNErskGpTJx6trEvFaVCbDvpcxwy49BKWmEPwiW8mrysNiDvIQ==
dependencies:
"@babel/code-frame" "^7.18.6"
"@babel/generator" "^7.18.10"
"@babel/helper-environment-visitor" "^7.18.9"
"@babel/helper-function-name" "^7.18.9"
"@babel/helper-hoist-variables" "^7.18.6"
"@babel/helper-split-export-declaration" "^7.18.6"
"@babel/parser" "^7.18.11"
"@babel/types" "^7.18.10"
debug "^4.1.0"
globals "^11.1.0"

"@babel/traverse@^7.22.8", "@babel/traverse@^7.23.9":
"@babel/traverse@^7.18.9", "@babel/traverse@^7.22.8", "@babel/traverse@^7.23.2", "@babel/traverse@^7.23.9":
version "7.23.9"
resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.23.9.tgz#2f9d6aead6b564669394c5ce0f9302bb65b9d950"
integrity sha512-I/4UJ9vs90OkBtY6iiiTORVMyIhJ4kAVmsKo9KFc8UOxMeUfi2hvtIBsET5u9GizXE6/GFSuKCTNfgCswuEjRg==
Expand Down Expand Up @@ -4644,10 +4612,10 @@ flat@^5.0.2:
resolved "https://registry.yarnpkg.com/flat/-/flat-5.0.2.tgz#8ca6fe332069ffa9d324c327198c598259ceb241"
integrity sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==

follow-redirects@^1.0.0:
version "1.15.1"
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.1.tgz#0ca6a452306c9b276e4d3127483e29575e207ad5"
integrity sha512-yLAMQs+k0b2m7cVxpS1VKJVvoz7SS9Td1zss3XRwXj+ZDH00RJgnuLx7E44wx02kQLrdM3aOOy+FpzS7+8OizA==
follow-redirects@^1.0.0, follow-redirects@^1.15.4:
version "1.15.5"
resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.5.tgz#54d4d6d062c0fa7d9d17feb008461550e3ba8020"
integrity sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==

fork-ts-checker-webpack-plugin@^6.5.0:
version "6.5.2"
Expand Down Expand Up @@ -5637,12 +5605,7 @@ json-schema-traverse@^1.0.0:
resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz#ae7bcb3656ab77a73ba5c49bf654f38e6b6860e2"
integrity sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==

json5@^2.1.2:
version "2.2.1"
resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.1.tgz#655d50ed1e6f95ad1a3caababd2b0efda10b395c"
integrity sha512-1hqLFMSrGHRHxav9q9gNjJ5EXznIxGVO09xQRrwplcS8qs28pZ8s8hupZAmqDwZUmVZ2Qb2jnyPOWcDH8m8dlA==

json5@^2.2.3:
json5@^2.1.2, json5@^2.2.3:
version "2.2.3"
resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283"
integrity sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==
Expand Down Expand Up @@ -5714,18 +5677,18 @@ loader-runner@^4.2.0:
integrity sha512-3R/1M+yS3j5ou80Me59j7F9IMs4PXs3VqRrm0TU3AbKPxlmpoY1TNscJV/oGJXo8qCatFGTfDbY6W6ipGOYXfg==

loader-utils@^2.0.0:
version "2.0.2"
resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.2.tgz#d6e3b4fb81870721ae4e0868ab11dd638368c129"
integrity sha512-TM57VeHptv569d/GKh6TAYdzKblwDNiumOdkFnejjD0XwTH87K90w3O7AiJRqdQoXygvi1VQTJTLGhJl7WqA7A==
version "2.0.4"
resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.4.tgz#8b5cb38b5c34a9a018ee1fc0e6a066d1dfcc528c"
integrity sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw==
dependencies:
big.js "^5.2.2"
emojis-list "^3.0.0"
json5 "^2.1.2"

loader-utils@^3.2.0:
version "3.2.0"
resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-3.2.0.tgz#bcecc51a7898bee7473d4bc6b845b23af8304d4f"
integrity sha512-HVl9ZqccQihZ7JM85dco1MvO9G+ONvxoGa9rkhzFsneGLKSUg1gJf9bWzhRhcvm2qChhWpebQhP44qxjKIUCaQ==
version "3.2.1"
resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-3.2.1.tgz#4fb104b599daafd82ef3e1a41fb9265f87e1f576"
integrity sha512-ZvFw1KWS3GVyYBYb7qkmRM/WwL2TQQBxgCK62rlvm4WpVQ23Nb4tYjApUlfjrEGvOs7KHEsmyUn75OHZrJMWPw==

locate-path@^3.0.0:
version "3.0.0"
Expand Down Expand Up @@ -8073,22 +8036,10 @@ semver-diff@^4.0.0:
dependencies:
semver "^7.3.5"

semver@^6.3.1:
version "6.3.1"
resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4"
integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==

semver@^7.3.2, semver@^7.3.5, semver@^7.3.7:
version "7.3.7"
resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.7.tgz#12c5b649afdbf9049707796e22a4028814ce523f"
integrity sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==
dependencies:
lru-cache "^6.0.0"

semver@^7.5.4:
version "7.6.0"
resolved "https://registry.yarnpkg.com/semver/-/semver-7.6.0.tgz#1a46a4db4bffcccd97b743b5005c8325f23d4e2d"
integrity sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==
[email protected], semver@^6.3.1, semver@^7.3.2, semver@^7.3.5, semver@^7.3.7, semver@^7.5.4:
version "7.5.2"
resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.2.tgz#5b851e66d1be07c1cdaf37dfc856f543325a2beb"
integrity sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ==
dependencies:
lru-cache "^6.0.0"

Expand Down

0 comments on commit c4abe07

Please sign in to comment.