Problem/Motivation
yarn audit shows the following numbers of vulnerabilities on each branch:
- 10.0.x, 9.4.x, and 9.3.x: 18 Moderate | 3 High
- 9.2.x: 24 Moderate | 4 High
Steps to reproduce
- cd core
- yarn install
- yarn audit
Proposed resolution
Not all of the dependency updates can be made without increasing our constraints. However, running a yarn upgrade without modifying the constraints gets rid of some of the vulnerabilities, reducing the totals to:
- 10.0.x, 9.4.x, 9.3.x: 16 Moderate | 1 High
- 9.2.x: 12 Moderate
Let's fix those first (after reviewing that the upgraded versions are safe, and testing them). Then, let's handle whatever increases we need to make to constraints in follow-up issues.
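One way to review what the upgrade changed is to compare the audit output captured before and after it. This is an added example, not code from this issue or from the project. It assumes the Yarn 1.x `yarn audit --json` record format; the function names and the package names in the sample are hypothetical.

```javascript
// Added example (not project code). Assumes Yarn 1.x `yarn audit --json`,
// which prints one JSON record per line: "auditAdvisory" records, then one
// "auditSummary" record.
function parseAudit(ndjson) {
  const result = { counts: {}, modules: new Map() };
  for (const line of ndjson.split("\n")) {
    let rec;
    try { rec = JSON.parse(line); } catch { continue; } // skip blank/non-JSON lines
    if (rec?.type === "auditSummary") {
      result.counts = rec.data.vulnerabilities;
    } else if (rec?.type === "auditAdvisory") {
      const a = rec.data.advisory;
      // An advisory may be repeated per dependency path; key by module to dedupe.
      result.modules.set(a.module_name, { severity: a.severity, patched: a.patched_versions });
    }
  }
  return result;
}

// Hypothetical helper: what did the upgrade fix, and what still needs a constraint change?
function compareAudits(beforeText, afterText) {
  const before = parseAudit(beforeText);
  const after = parseAudit(afterText);
  const delta = {};
  for (const sev of Object.keys(before.counts)) {
    delta[sev] = (after.counts[sev] || 0) - before.counts[sev];
  }
  const fixed = [...before.modules.keys()].filter((m) => !after.modules.has(m));
  const remaining = [...after.modules].map(([name, v]) => ({ name, ...v }));
  return { delta, fixed, remaining };
}

// Constructed sample input. Summary counts are the 10.0.x figures from this issue;
// the advisory records are a made-up subset with placeholder package names.
const adv = (name, severity, patched) => JSON.stringify({
  type: "auditAdvisory",
  data: { advisory: { module_name: name, severity, patched_versions: patched } },
});
const summary = (moderate, high) => JSON.stringify({
  type: "auditSummary",
  data: { vulnerabilities: { info: 0, low: 0, moderate, high, critical: 0 } },
});
const BEFORE = [adv("pkg-a", "high", ">=2.0.1"), adv("pkg-a", "high", ">=2.0.1"),
  adv("pkg-b", "moderate", ">=3.0.0"), summary(18, 3)].join("\n");
const AFTER = [adv("pkg-b", "moderate", ">=3.0.0"), summary(16, 1)].join("\n");

console.log(compareAudits(BEFORE, AFTER));
```

The `remaining` entries, with their `patched` ranges, are the candidates for the follow-up issues that raise constraints.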
Remaining tasks
Patches for 10.0.x, 9.4.x, 9.3.x, and 9.2.x that run:
- cd core
- yarn install
- yarn upgrade