GitHub/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2026-06-13 03:14:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

chore(deps): Remove resolutions that no longer prevent downgrades (#12304)

Browse Source 
* chore(deps): Remove resolutions that no longer prevent downgrades

Audited each resolution by removing it and running yarn install to check
whether any package would resolve to a lower version. Removed 31 entries
that were no-ops because the natural resolution already satisfies (or
exceeds) the resolution target — caret ranges that npm now publishes a
matching or higher version for, and one fast-xml-parser pin where the
underlying dependency moved.

Kept 13 entries: those that still prevent a regression, plus the @types/*
and prosemirror-transform pins that exist to dedupe transitive copies
against the project's own pinned versions.

* chore(deps): Bump @babel/preset-env to 7.29.5 to address GHSA-fv7c-fp4j-7gwp

@babel/plugin-transform-modules-systemjs <=7.29.3 generates arbitrary
code when compiling malicious input. Upgrading @babel/preset-env to
^7.29.5 brings in the patched ^7.29.4 transitively.

---------

Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
Tom Moor
2026-05-09 09:02:50 -04:00
committed by GitHub
parent 7a75433bdc
commit 4548fc00bf
2 changed files with 113 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files
package.json
+2 -33
View File
@@ -279,7 +279,7 @@
"@babel/core": "^7.28.6",
"@babel/plugin-proposal-decorators": "^7.28.6",
"@babel/plugin-transform-class-properties": "^7.27.1",
"@babel/preset-env": "^7.29.3",
"@babel/preset-env": "^7.29.5",
"@babel/preset-react": "^7.28.5",
"@babel/preset-typescript": "^7.28.5",
"@faker-js/faker": "^8.4.1",
@@ -382,45 +382,14 @@
"prosemirror-transform": "1.10.5",
"debug": "4.3.4",
"js-yaml": "^4.1.1",
"qs@npm:^6.5.2": "^6.14.2",
"qs@npm:^6.11.0": "^6.14.2",
"qs@npm:^6.14.0": "^6.14.2",
"prismjs": "1.30.0",
"cheerio": "1.0.0-rc.12",
"zod": "^4.3.6",
"fast-xml-parser@npm:5.5.7": "5.7.0",
"fast-xml-parser@npm:5.5.8": "5.7.0",
"@aws-sdk/xml-builder@npm:^3.972.18": "npm:3.972.22",
"ajv@npm:^8.0.0": "^8.18.0",
"ajv@npm:^8.6.0": "^8.18.0",
"ajv@npm:^8.17.1": "^8.18.0",
"ajv@npm:~8.13.0": "^8.18.0",
"@types/markdown-it": "14.1.2",
"minimatch@npm:^3.0.2": "^3.1.5",
"ip-address@npm:10.1.0": "^10.2.0",
"ip-address@npm:^10.0.1": "^10.2.0",
"minimatch@npm:^3.0.4": "^3.1.5",
"minimatch@npm:^3.1.1": "^3.1.5",
"minimatch@npm:^5.0.1": "^5.1.9",
"minimatch@npm:9.0.1": "9.0.9",
"minimatch@npm:^9.0.4": "^9.0.9",
"brace-expansion@npm:^1.1.7": "^1.1.13",
"brace-expansion@npm:^2.0.1": "^2.0.3",
"picomatch@npm:^2.0.4": "^2.3.2",
"picomatch@npm:^2.2.1": "^2.3.2",
"picomatch@npm:^2.2.2": "^2.3.2",
"picomatch@npm:^2.2.3": "^2.3.2",
"picomatch@npm:^2.3.1": "^2.3.2",
"picomatch@npm:^4.0.2": "^4.0.4",
"picomatch@npm:^4.0.3": "^4.0.4",
"lodash@npm:4.17.21": "^4.18.1",
"lodash@npm:^4.17.11": "^4.18.1",
"lodash@npm:^4.17.20": "^4.18.1",
"lodash@npm:^4.17.21": "^4.18.1",
"lodash@npm:^4.17.23": "^4.18.1",
"lodash-es@npm:4.17.23": "^4.18.1",
"lodash-es@npm:^4.17.21": "^4.18.1",
"lodash-es@npm:^4.17.23": "^4.18.1"
"lodash-es@npm:4.17.23": "^4.18.1"
},
"version": "1.7.1",
"packageManager": "yarn@4.11.0"