High Severity Dependabot alerts for @commercetools-frontend/mc-scripts #2953

nick-loyalty · 2023-02-02T02:10:48Z

This issue is relevant to Dependabot alerts, we got two High Severity Alerts from Dependabot as it needs two components update

These two components are both relevant to @commercetools-frontend/mc-scripts when we do npm ls

As we can see in the above, with the latest @commercetools-frontend/mc-scripts, it is still using minimatch@3.0.4 which Dependabot needs minimatch@3.0.5 and json5@0.5.1 which Dependabot needs json5@1.0.2.

Can we upgrade the @commercetools-frontend/mc-scripts to support newer version minimatch and json5 ?

kark · 2023-02-02T12:29:47Z

Hi @nick-loyalty,

thank you for creating the issue.
We'll look into it.

nick-loyalty added the 🐛 Type: Bug Something isn't working label Feb 2, 2023

kark added 🤖 Type: Dependencies Dependency updates or something similar and removed 🐛 Type: Bug Something isn't working labels Feb 2, 2023

kark mentioned this issue Feb 9, 2023

chore: replace rcfile with Prettier API for reading Prettier config #2958

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

High Severity Dependabot alerts for @commercetools-frontend/mc-scripts #2953

High Severity Dependabot alerts for @commercetools-frontend/mc-scripts #2953

nick-loyalty commented Feb 2, 2023

kark commented Feb 2, 2023

High Severity Dependabot alerts for @commercetools-frontend/mc-scripts #2953

High Severity Dependabot alerts for @commercetools-frontend/mc-scripts #2953

Comments

nick-loyalty commented Feb 2, 2023

kark commented Feb 2, 2023