chore(deps): avoid vulnerable [email protected] (#430)

aws · May 18, 2021 · 2da01e5 · 2da01e5
1 parent 465e75e
commit 2da01e5
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 711 deletions.
diff --git a/package.json b/package.json
@@ -108,9 +108,14 @@
     "typescript": "~4.2.4"
   },
   "resolutions-netmask-comment": "transitive dep from proxy-agent 4.0.1 & pac-resolver 4.1.0, which are transitive deps from CDK. Remove the forced resolution when able.",
+  "resolutions-hosted-git-info": "transitive dep from [email protected] and [email protected]. hosted-git-info v3.0.0 - v3.0.7 contain a security vulnerability. It is safe to remove/update overrides as long as we stay out of the vulnerable window",
   "resolutions": {
     "netmask": "^2.0.1",
-    "pac-resolver": "^4.2.0"
+    "pac-resolver": "^4.2.0",
+    "**/get-pkg-repo/**/hosted-git-info": "^2.1.4",
+    "**/git-raw-commits/**/hosted-git-info": "^2.1.4",
+    "**/read-pkg-up/**/hosted-git-info": "^2.1.4",
+    "hosted-git-info": "^3.0.8"
   },
   "workspaces": {
     "packages": [