This document outlines the current issues, vulnerabilities, or items of note, regarding the dependencies for the Specials app. Please review this document before proceeding with any updates to the NPM dependencies.
Remember that the app contains two separate Node projects. The first is an Express project in the root directory. The second is a React project in the client directory. This document addresses each individually.
Specific Dependency Notes
-
node-fetch:
- Current Version: 2.x
- Important Note: The
node-fetchdependency is currently at version 2.x and must remain at this version to avoid breaking imports. This is acceptable as the developers are continuing to maintain this version. There is an ongoing investigation into replacingnode-fetchwith Node's nativefetchfeature.
Vulnerabilities
-
connect-mongodb-session/archetype/lodash.set:- Details: These vulnerabilities are all associated with the
archetypepackage, which is a dependency of theconnect-mongodb-sessiontop-level dependency. An open issue has been reported in theconnect-mongodb-sessionrepository to resolve this: connect-mongodb-session Issue #113.
- Details: These vulnerabilities are all associated with the
Specific Dependency Notes
None.
Vulnerabilities
None.