Problem/Motivation
yarn audit shows the following numbers of vulnerabilities on each branch:
- 10.0.x, 9.4.x, and 9.3.x: 18 Moderate | 3 High
- 9.2.x: 24 Moderate | 4 High
Steps to reproduce
- cd core
- yarn install
- yarn audit
Proposed resolution
Not all of the dependency updates can be addressed without increasing our constraints. However, running a yarn upgrade without modifying the constraints gets rid of some of the vulnerabilities, reducing it to:
- 10.0.x, 9.4.x, 9.3.x: 16 Moderate | 1 High
- 9.2.x: 12 Moderate
Let's fix those first (after reviewing that the upgraded versions are safe and testing). Then, let's handle whatever increases we need to make to constraints in followup issues.
Remaining tasks
This might be blocked on an upstream issue with Terser.
Patches for 10.0.x, 9.4.x, 9.3.x, and 9.2.x that run:
- cd core
- yarn install
- yarn upgrade
Address remaining vulnerabilities that require changes to constraints in followup issues.
User interface changes
TBD
API changes
TBD
Data model changes
TBD
Release notes snippet
TBC