Update yarn indirect dependencies

Indirect dependencies are often deprecated because of vulnerability issues. For example,

I have multiple indirect dependencies on `kind-of`

which are being used by various other dependencies (direct and indirect)



and recently it was found that there is an issue with `kind-of`:

https://github.com/advisories/GHSA-6c8f-qphg-qjgp

To update these indirect dependencies, the solution is to add a `resolutions` block to `package.json`.

After that, just run `yarn`.

It will update the dependencies to the correct version.
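To confirm that the override took effect, the check below reads a Yarn classic (v1) `yarn.lock` and reports every `kind-of` entry that is not locked to the pinned version. It is an added example, not code from the original post; the function names, the sample lockfile text and the version numbers (including the `9.9.9` placeholder) are constructed for illustration.

```javascript
// Added example. Assumed package.json entry (version is a placeholder):
//   "resolutions": { "kind-of": "9.9.9" }

// Return one record per yarn.lock (v1) entry that belongs to package `name`.
function lockedVersions(lockText, name) {
  const found = [];
  let current = null; // entry being read, if it belongs to `name`
  for (const line of lockText.split(/\r?\n/)) {
    if (line.trim() === "" || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      // Entry header: comma-separated "name@range" specs, ending in ":".
      const specs = line.replace(/:$/, "").split(",")
        .map((s) => s.trim().replace(/^"|"$/g, ""));
      // Search for "@" from index 1 so scoped names (@scope/pkg) stay whole.
      const mine = specs.filter((s) => s.slice(0, s.indexOf("@", 1)) === name);
      current = mine.length ? { requestedAs: mine, version: null } : null;
      if (current) found.push(current);
    } else if (current) {
      const m = /^  version "(.+)"$/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return found;
}

// Entries still locked to something other than the pinned version.
function unpinned(lockText, name, pinned) {
  return lockedVersions(lockText, name).filter((e) => e.version !== pinned);
}

// Constructed lockfile excerpts; the version numbers are made up.
const BEFORE = `# yarn lockfile v1

kind-of@^1.0.0:
  version "1.0.5"

kind-of@^2.0.0, kind-of@^2.0.1:
  version "2.0.1"
  dependencies:
    is-buffer "^1.0.0"

"@scope/kind-of@^1.0.0":
  version "1.0.0"
`;
const AFTER = `kind-of@^1.0.0, kind-of@^2.0.0, kind-of@^2.0.1:
  version "9.9.9"
`;

console.log(unpinned(BEFORE, "kind-of", "9.9.9")); // two entries remain
console.log(unpinned(AFTER, "kind-of", "9.9.9"));  // []
```

On a real project, pass the contents of `yarn.lock` as `lockText`; a non-empty result after running `yarn` means some dependent still resolves to a version other than the pinned one.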

Refer to https://classic.yarnpkg.com/en/docs/selective-version-resolutions/

https://itnext.io/fixing-security-vulnerabilities-in-npm-dependencies-in-less-than-3-mins-a53af735261d
