AB#129522 - Fix critical / high dependencies in back-end #1231
AntoineRelief merged 6 commits into next from
| "json2csv": "^5.0.6", | ||
| "jsonpath": "^1.1.1", | ||
| "jsonwebtoken": "^9.0.0", | ||
| "jsonpath-plus": "^10.4.0", |
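Review bot: the `"jsonpath-plus": "^10.4.0"` entry on the last line sits after `jsonwebtoken`, so the dependency keys are no longer in alphabetical order; move it up to where `jsonpath` is listed. The +/- markers are not visible in this rendering, so also check that the `"jsonpath": "^1.1.1"` line is removed in the same hunk rather than kept alongside the new package, otherwise the old package stays a direct dependency and its audit findings remain.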
@Joselgc1
why this change?
jsonpath also has a new version, no?
@AntoineRelief I tried to do that and just upgrade jsonpath to its latest version (1.3.0), but the audit still showed 13 vulnerabilities, with 2 high ones, because jsonpath uses underscore@1.13.6. Then I saw that with jsonpath-plus we had no high errors so I used that. Do you want me to switch it back with the latest version?
@Joselgc1
Okay, well I agree with the change + jsonpath-plus seems to have more support, but let's remove the util & use the library without an additional wrapper
Description
Updated several backend packages and dependencies to address the npm audit findings, then refreshed the dependency tree by running npm install. It also replaces the jsonpath package with a maintained alternative while keeping the existing usage pattern intact.
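The situation discussed in the thread, where a direct dependency is still flagged after an upgrade because of a package it pulls in, can be traced from the audit report itself. The following is an added example, not code from this PR: it assumes the report layout printed by `npm audit --json` on npm 7 or later, the helper name `directDepsBehindFindings` is hypothetical, and the sample report is constructed.

```javascript
// Added example, not code from this PR. Assumes the report layout printed by
// `npm audit --json` on npm 7 or later (auditReportVersion 2).
const BLOCKING = new Set(['high', 'critical']);

// Map each direct dependency to the high/critical packages it pulls in.
// directDepsBehindFindings is a hypothetical helper name.
function directDepsBehindFindings(report) {
  const vulns = report.vulnerabilities || {};
  const result = {};
  for (const [name, entry] of Object.entries(vulns)) {
    // Root causes carry at least one advisory object in `via`;
    // packages that are only affected list plain package names instead.
    const isRootCause = (entry.via || []).some((v) => typeof v === 'object');
    if (!isRootCause || !BLOCKING.has(entry.severity)) continue;
    // Walk `effects` upward until we reach packages listed in package.json.
    const seen = new Set();
    const queue = [name];
    while (queue.length > 0) {
      const current = queue.shift();
      if (seen.has(current)) continue; // guard against dependency cycles
      seen.add(current);
      const node = vulns[current];
      if (!node) continue;
      if (node.isDirect) (result[current] = result[current] || []).push(name);
      queue.push(...(node.effects || []));
    }
  }
  for (const list of Object.values(result)) list.sort();
  return result;
}

// Constructed sample: advisory titles are placeholders, not real advisories.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    jsonpath: { name: 'jsonpath', severity: 'high', isDirect: true,
      via: ['underscore'], effects: [], fixAvailable: false },
    underscore: { name: 'underscore', severity: 'high', isDirect: false,
      via: [{ name: 'underscore', severity: 'high', title: 'PLACEHOLDER advisory' }],
      effects: ['jsonpath'], fixAvailable: false },
    'left-example': { name: 'left-example', severity: 'moderate', isDirect: true,
      via: [{ name: 'left-example', severity: 'moderate', title: 'PLACEHOLDER advisory' }],
      effects: [], fixAvailable: true },
  },
};

console.log(directDepsBehindFindings(sampleReport)); // { jsonpath: [ 'underscore' ] }
```

To use it on a real tree, pass in the parsed output of `npm audit --json`; an empty result means no high or critical finding is reachable from a direct dependency.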