Have you read the Contributing Guidelines on issues?
Motivation
https://github.com/vercel/serve/releases
The latest version of serve-handler (v14.2.6) has just updated the versions of its dependencies to patch their security vulnerabilities. However, the version used by Docusaurus is too old to get its benefits:
docusaurus/packages/docusaurus/package.json, line 70 in ea921cb:

    "serve-handler": "^6.1.6",

There is a PR to use ^ versioning there: https://github.com/vercel/serve/pull/847; Docusaurus will not benefit from it even if it is merged and shipped.
You need to override a transitive dependency minimatch to silence Dependabot, which is not a healthy practice. You have only to (p)npm update.
Self-service