From a8ff1e19dc4c1fed64e605225e0ad97a20881883 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Acid=20Chicken=20=28=E7=A1=AB=E9=85=B8=E9=B6=8F=29?= Date: Tue, 4 Jun 2019 23:06:30 +0900 Subject: [PATCH] Add resolutions for polluted packages for yarn users: Just `yarn install` then vulnerabilities are fixed! for npm users: Wait for support of 'resolutions' from npm. --- package.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/package.json b/package.json index b6615ed5b0..3e7dde6c18 100644 --- a/package.json +++ b/package.json @@ -25,6 +25,10 @@ "test": "gulp test", "format": "gulp format" }, + "resolutions": { + "gulp-cssnano/cssnano/postcss-svgo/svgo/js-yaml": "^3.13.1", + "video-thumbnail-generator/lodash": "^4.17.11" + }, "dependencies": { "@elastic/elasticsearch": "7.0.0-rc.2", "@fortawesome/fontawesome-svg-core": "1.2.15",