mirror of
https://github.com/slsa-framework/slsa-verifier.git
synced 2026-02-14 17:49:58 +00:00
3f37511042
fixes https://github.com/slsa-framework/slsa-verifier/security/code-scanning/11 markdown-toc's latest v1.2.0 is still vulnerable via a transitive dependency, but hasn't received updates in a long time. This PR overrides one of the other transitive dependencies to a non-vulnerable version. more info here https://github.com/jonschlinkert/markdown-toc/issues/156#issuecomment-2197630000 # Testing process - Manually invoked `make markdown-toc` and it did succeed, while also adding a missing header in the README. - Made a few typos in the headers and markdown-toc did fix them. - Cloned markdown-toc, added the override, and its unit tests passed --------- Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com> Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>
14 lines
279 B
JSON
14 lines
279 B
JSON
{
|
|
"scripts": {
|
|
"markdown-toc": "markdown-toc --bullets='-' -i",
|
|
"renovate-config-validator": "renovate-config-validator --strict"
|
|
},
|
|
"devDependencies": {
|
|
"markdown-toc": "1.2.0",
|
|
"renovate": "37.374.1"
|
|
},
|
|
"overrides": {
|
|
"autolinker": "^4.0.0"
|
|
}
|
|
}
|