From 3641289b0869e43d49ae0d79f43d9e2f9c25b158 Mon Sep 17 00:00:00 2001 From: Richard Bangay Date: Wed, 27 Nov 2024 10:05:20 +0000 Subject: [PATCH] mitgate cross-spawn dependency vulnerability by updating core dependencies and forcing a patched version by using the reolutions block in package.json --- cdk/package.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cdk/package.json b/cdk/package.json index de3888273..9048edc24 100644 --- a/cdk/package.json +++ b/cdk/package.json @@ -12,7 +12,7 @@ "deploy-code": "cdk deploy --path-metadata false --version-reporting false ManageFrontend-CODE" }, "devDependencies": { - "@guardian/cdk": "50.10.6", + "@guardian/cdk": "60.1.3", "@guardian/eslint-config-typescript": "1.0.7", "@guardian/prettier": "1.0.0", "@types/jest": "^27.5.0", @@ -60,5 +60,8 @@ "@typescript-eslint/no-inferrable-types": 0, "import/no-namespace": 2 } + }, + "resolutions": { + "cross-spawn": "^7.0.5" } }