[Snyk] Fix for 3 vulnerabilities #18
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-14908844 - https://snyk.io/vuln/SNYK-JS-LODASH-15053838 - https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692
|
Important Review skippedIgnore keyword(s) in the title. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the ✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2778bcfad7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "pretty-quick": "^3.1.1", | ||
| "ui-box": "2.1.0", | ||
| "webpack": "^4.44.1", | ||
| "webpack": "^5.0.0", |
There was a problem hiding this comment.
Upgrading to webpack 5 here will make next.config.js invalid because it still assigns config.node = { fs: "empty", module: "empty", net: "mock", tls: "mock" } (see next.config.js lines 5–9). Webpack 5 no longer accepts these node-polyfill keys in node, so the config validation step fails and next dev/next build won’t start once this dependency bump lands. You’ll need to migrate those settings to resolve.fallback (or remove them if no longer needed) before moving to webpack 5.
Useful? React with 👍 / 👎.
Snyk has created this PR to fix 3 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
package.jsonNote for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the
.yarn/cache/directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to runyarnto update the contents of the./yarn/cachedirectory.If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-ELLIPTIC-14908844
SNYK-JS-LODASH-15053838
SNYK-JS-POSTCSS-5926692
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
🦉 Improper Input Validation