Commit a175a73
committed
fix(DEPS): bump diff override to 8.0.4 for sinon compatibility
Bugbot caught that sinon@21.1.2 (pulled in by the lockfile regen
in the previous commit) declares diff@^8.0.4, while the existing
override was still pinned to 8.0.3 — outside that range.
Bump to 8.0.4, which:
- satisfies sinon@21.1.2's ^8.0.4 requirement
- still keeps mocha above the vulnerable diff@7.0.0
(GHSA-73rr-hh4g-fpgx, fixed in 8.0.3)
- has no known advisories
`npm audit` remains clean (0 vulns).1 parent 2328365 commit a175a73
2 files changed
Lines changed: 7 additions & 7 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
121 | 121 | | |
122 | 122 | | |
123 | 123 | | |
124 | | - | |
| 124 | + | |
125 | 125 | | |
126 | 126 | | |
127 | 127 | | |
| |||
0 commit comments