mitigates a dependency problem which caused an audit finding

2022-01-28 23:20:45 +01:00 · 2022-01-28 23:20:45 +01:00 · 2997da6ec4
parent 9471ff758b
commit 2997da6ec4
2 changed files with 128 additions and 343 deletions
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -39,9 +39,16 @@
    "ws": "8.4.2",
    "xml2js": "0.4.23"
  },
+  "//fix1Comment": "version 0.5.3-8 currently does not work with bleno",
  "optionalDependencies": {
    "@abandonware/bluetooth-hci-socket": "0.5.3-7"
  },
+  "//fix2Comment": "a hacky fix to not install the optional dependency xpc-connect which has a security issue",
+  "overrides": {
+    "@abandonware/bleno": {
+      "xpc-connect@": "npm:debug"
+    }
+  },
  "devDependencies": {
    "@babel/eslint-parser": "7.16.5",
    "@babel/plugin-proposal-decorators": "7.16.7",