fix: update rollup and serialize-javascript to secure versions #13703
Conversation
|
Hi @d-a-v-i--! Thank you for your pull request and welcome to our community. Action RequiredIn order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you. ProcessIn order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with If you have received this in error or have any questions, please contact us at [email protected]. Thanks! |
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks! |
1 similar comment
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks! |
Pull Request: Fix Vulnerabilities
This PR addresses multiple vulnerabilities in the dependencies of
create-react-appby updating several packages:rollupto version 3.29.5.serialize-javascriptto version 6.0.2.axios,got,lodash, and more... as found in the npm audit report in order to make a successful test of the first two.Vulnerabilities Addressed
These changes mitigate the risks associated with the listed vulnerabilities and adhere to the project's monorepo structure, improving the overall security posture of the project.