This document serves as notes for why certain packages needed a resolution line in our package.json files. Why would you want to use selective version resolution?
Reason: vulnerability
- Hoisted from "_project_#websocket-driver#websocket-extensions"
- Hoisted from "_project_#@twilio-paste#website#gatsby#webpack-dev-server#sockjs#websocket-driver#websocket-extensions"
- Hoisted from "_project_#@twilio-paste#website#gatsby#webpack-dev-server#sockjs#faye-websocket#websocket-driver#websocket-extensions"
Fix blocked on this PR. Maintainer recommends using yarn resolution instead. Even after a fix would be applied, we would need to wait for Gatsby to upgrade this package as well.
Reason: vulnerability
- Hoisted from "_project_#@twilio-paste#website#gatsby#graphql-playground-middleware-express"
At this time, the latest Gatsby version does not have the correct version of this package.
Reason: vulnerability
- Hoisted from "_project_#@twilio-paste#codemods#meow"
At this time, various verions of Meow are used in other dependencies:
- changesets
- manypkg
- get-pkg-rep
- lpad-align