Fix vulnerabilities in dev dependencies (!56) · Merge requests · Sheogorath / Markdown Spellcheck

Sheogorath requested to merge fix/dependency-sec into deploy Jun 05, 2021

Currently the packages of browserlist and hosted-git-info are called out for being vulnerable to ReDOS attacks. While the risk of these vulnerabilities is reasonably small, as fixed versions exist, these should be used.

This patch fixes some dev dependency vulnerabilities by forcing newer versions of the affected dependencies on all downstream projects.

Fix vulnerabilities in dev dependencies

Merge request reports