Commit 4ad4604
fix(SEC-7530): update react-server-dom-webpack to 19.0.1 (#310)
## Summary
Fixes [SEC-7530](https://launchdarkly.atlassian.net/browse/SEC-7530) by
adding a yarn resolution to override the vulnerable transitive
dependency `react-server-dom-webpack` from version
`19.0.0-rc-6230622a1a-20240610` to the safe version `19.0.1`.
The vulnerable version was pulled in by `jest-expo@~52.0.2`. Using a
yarn resolution is the standard approach to override transitive
dependencies.
**Link to Devin run**:
https://app.devin.ai/sessions/b4c805fbfef942e1adbe1b06a11d5f3c
**Requested by**: Patrick Kaeding (@pkaeding)
## How did you test this change?
- Ran `yarn install` to verify the resolution is applied correctly
- Ran `yarn format:all` to ensure code formatting passes
- CI will validate that tests pass with the updated dependency
## Are there any deployment considerations?
No deployment considerations. This is a dev/test dependency update only.
[SEC-7530]:
https://launchdarkly.atlassian.net/browse/SEC-7530?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Pins `react-server-dom-webpack` to 19.0.1 with a Yarn resolution and
updates lockfile (peer ranges and `webpack-sources`).
>
> - **Dependencies**:
> - Add Yarn `resolutions` entry to force
`react-server-dom-webpack@19.0.1` in `package.json`.
> - Update `yarn.lock` to resolve `react-server-dom-webpack` to `19.0.1`
with updated peer deps (`react`, `react-dom` -> `^19.0.1`).
> - Add `webpack-sources@^3.2.0` dependency (resolved to `3.3.3`)
required by the updated package.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
dbecbbb. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
<!-- ld-jira-link -->
---
Related Jira issue: [SEC-7530: Update react-server-dom-webpack in
observability-sdk](https://launchdarkly.atlassian.net/browse/SEC-7530)
<!-- end-ld-jira-link -->
---------
Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>

1 parent ee9f061 commit 4ad4604

2 files changed, +13 -11 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
40 | 40 | | |
41 | 41 | | |
42 | 42 | | |
43 | | - | |
| 43 | + | |
| 44 | + | |
44 | 45 | | |
45 | 46 | | |
46 | 47 | | |
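
Review bot: The resolution added at new lines 43-44 is, per the summary, an exact pin to `19.0.1`, so it will keep holding `react-server-dom-webpack` at that version when later patch releases ship and after `jest-expo` itself moves to a fixed version. Consider recording a follow-up in the PR or in SEC-7530 to drop the resolution once the `jest-expo` range no longer pulls `19.0.0-rc-6230622a1a-20240610`, so the override does not outlive its purpose.
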
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
39290 | 39290 | | |
39291 | 39291 | | |
39292 | 39292 | | |
39293 | | - | |
39294 | | - | |
39295 | | - | |
| 39293 | + | |
| 39294 | + | |
| 39295 | + | |
39296 | 39296 | | |
39297 | 39297 | | |
39298 | 39298 | | |
| 39299 | + | |
39299 | 39300 | | |
39300 | | - | |
39301 | | - | |
| 39301 | + | |
| 39302 | + | |
39302 | 39303 | | |
39303 | | - | |
| 39304 | + | |
39304 | 39305 | | |
39305 | 39306 | | |
39306 | 39307 | | |
| |||
46330 | 46331 | | |
46331 | 46332 | | |
46332 | 46333 | | |
46333 | | - | |
46334 | | - | |
46335 | | - | |
46336 | | - | |
| 46334 | + | |
| 46335 | + | |
| 46336 | + | |
| 46337 | + | |
46337 | 46338 | | |
46338 | 46339 | | |
46339 | 46340 | | |
| |||
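
Review bot: The lockfile hunks move the `react` and `react-dom` peer ranges of `react-server-dom-webpack` to `^19.0.1` according to the summary, but the test notes list only `yarn install` and `yarn format:all`, and an install can complete with an unsatisfied peer range. Please confirm with `yarn why react` that the `react` version resolved alongside `jest-expo@~52.0.2` satisfies `^19.0.1`, and wait for the CI test run before merging, since the message defers test validation to CI.
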