mirror of
https://github.com/matrix-org/mjolnir.git
synced 2024-09-29 20:56:23 +00:00
Upgrade minimatch to >=3.0.5
`<=3.0.4` is vulnerable but we only have it as a subdependency of dev dependencies. https://nvd.nist.gov/vuln/detail/CVE-2022-3517.

```
yarn why minimatch
yarn why v1.22.19
[1/4] Why do we have the module "minimatch"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "minimatch@3.0.4"
info Has been hoisted to "minimatch"
info Reasons this module exists
   - Hoisted from "eslint#minimatch"
   - Hoisted from "tslint#minimatch"
   - Hoisted from "eslint#@eslint#eslintrc#minimatch"
   - Hoisted from "eslint#@humanwhocodes#config-array#minimatch"
   - Hoisted from "mocha#glob#minimatch"
info Disk size without dependencies: "44KB"
info Disk size with unique dependencies: "64KB"
info Disk size with transitive dependencies: "124KB"
info Number of shared dependencies: 1
=> Found "mocha#minimatch@4.2.1"
info This module exists because "mocha" depends on it.
info Disk size without dependencies: "44KB"
info Disk size with unique dependencies: "64KB"
info Disk size with transitive dependencies: "124KB"
info Number of shared dependencies: 1
Done in 0.21s.

yarn upgrade --recursive "minimatch@>=3.0.5"
```

and afterwards:

```
yarn why minimatch ✔ 2m 11s 16.15.0
yarn why v1.22.19
[1/4] Why do we have the module "minimatch"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "minimatch@3.1.2"
info Has been hoisted to "minimatch"
info Reasons this module exists
   - Hoisted from "eslint#minimatch"
   - Hoisted from "tslint#minimatch"
   - Hoisted from "glob#minimatch"
   - Hoisted from "eslint#@eslint#eslintrc#minimatch"
   - Hoisted from "eslint#@humanwhocodes#config-array#minimatch"
info Disk size without dependencies: "44KB"
info Disk size with unique dependencies: "64KB"
info Disk size with transitive dependencies: "124KB"
info Number of shared dependencies: 1
=> Found "mocha#minimatch@4.2.1"
info This module exists because "mocha" depends on it.
info Disk size without dependencies: "44KB"
info Disk size with unique dependencies: "64KB"
info Disk size with transitive dependencies: "124KB"
info Number of shared dependencies: 1
=> Found "mocha#glob#minimatch@3.1.2"
info This module exists because "mocha#glob" depends on it.
info Disk size without dependencies: "44KB"
info Disk size with unique dependencies: "64KB"
info Disk size with transitive dependencies: "124KB"
info Number of shared dependencies: 1
Done in 0.23s.
```
parent fb52e3dcb2
commit 50df88a3ec