mirror of
https://github.com/vector-im/element-call.git
synced 2026-06-30 18:02:56 +00:00
Document why we override resolved versions
This commit is contained in:
@@ -7,13 +7,29 @@ allowBuilds:
|
||||
"matrix-js-sdk@https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/8c95727b6278fe7942c20d0b9485f984dd0694b7": true
|
||||
"protobufjs": true
|
||||
overrides:
|
||||
# We need compatible versions of RxJS in our dependencies and LiveKit's dependencies, but
|
||||
# LiveKit has pinned it to a very specific version which is now holding us back from updating.
|
||||
# See livekit/components-js#1101 for a request for a proper solution.
|
||||
"@livekit/components-core>rxjs": "^7.8.1"
|
||||
# Dedupe Mediapipe dependencies.
|
||||
"@livekit/track-processors>@mediapipe/tasks-vision": "^0.10.18"
|
||||
"minimatch": "^10.2.3"
|
||||
# Security fix: https://security-tracker.debian.org/tracker/CVE-2026-31802
|
||||
"tar": "^7.5.11"
|
||||
# Security fixes:
|
||||
# - https://github.com/advisories/GHSA-7r86-cg39-jmmj
|
||||
# - https://github.com/advisories/GHSA-23c5-xmqv-rm74
|
||||
"minimatch": "^10.2.3"
|
||||
# Security fix: https://github.com/element-hq/element-call/security/dependabot/109
|
||||
"glob": "^10.5.0"
|
||||
# Security fixes:
|
||||
# - https://github.com/element-hq/element-call/security/dependabot/110
|
||||
# - https://github.com/element-hq/element-call/security/dependabot/122
|
||||
"qs": "^6.14.1"
|
||||
# Security fix: https://github.com/element-hq/element-call/security/dependabot/106
|
||||
"js-yaml": "^4.1.1"
|
||||
# Storybook declares support for 0.27.0 only but empirically works fine with 0.28.0.
|
||||
"esbuild": "^0.28.0"
|
||||
"flatted": "^3.4.2"
|
||||
"undici": "^6.24.0"
|
||||
# Multiple security fixes: https://github.com/nodejs/undici/releases/tag/v6.24.0
|
||||
"undici": "^6.24.0"
|
||||
# Security fix: https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
|
||||
"flatted": "^3.4.2"
|
||||
Reference in New Issue
Block a user