Describe the bug
Because this module ships with a shrinkwrap, it is impossible to avoid using the insecure braces@3.0.2, even using overrides.
Please either keep all dependencies up to date with security advisories, or remove the shrinkwrap from the deployment so that we can get security updates.
Steps to reproduce
- npm install netlify-cli
- npm audit
Observe that braces@3.0.2 is present in the tree, and cannot be overridden, due to the npm-shrinkwrap.json
Configuration
Not relevant.
Environment
System:
OS: macOS 14.5
CPU: (16) arm64 Apple M3 Max
Memory: 14.46 GB / 128.00 GB
Shell: 5.2.0 - /usr/local/bin/bash
Binaries:
Node: 20.13.1 - /usr/local/bin/node
Yarn: 1.22.18 - /usr/local/bin/yarn
npm: 10.7.0 - /usr/local/bin/npm
pnpm: 9.2.0 - /usr/local/bin/pnpm
bun: 1.1.6 - ~/bin/bun
npmPackages:
netlify-cli: ^17.29.0 => 17.29.0