Update transitive dependencies

I see a security vulnerability warning on Github. I hope that updating transitive dependencies will silence the security warning. I did `rm yarn.lock` followed by `yarn install`. EDIT: OK, I found out what's causing the security warning. With ``` yarn list lodash ├─ bitcore-lib@0.13.19 │ └─ lodash@3.10.1 └─ lodash@4.17.15 ``` gives us the hint that the outdated lodash comes from `bitcore-lib` which in turn is required by the extremely outdated `activitystrea.ms` package. I tried to update it's dependencies in my fork without success. If we ever touch the activity pub implementation we might have to maintain this package ourselves. FYI: @Mastercuber
2025-12-13 07:45:56 +00:00 · 2019-08-22 19:45:24 +02:00 · 2019-08-22 19:45:24 +02:00 · 400b648ae9
commit 400b648ae9
parent 2386be5ef4
2 changed files with 799 additions and 906 deletions
--- a/backend/package.json
+++ b/backend/package.json
@ -61,7 +61,7 @@
    "dotenv": "~8.1.0",
    "express": "^4.17.1",
    "faker": "Marak/faker.js#master",
-    "graphql": "~14.4.2",
+    "graphql": "^14.5.0",
    "graphql-custom-directives": "~0.2.14",
    "graphql-iso-date": "~3.6.1",
    "graphql-middleware": "~3.0.5",
--- a/backend/yarn.lock
+++ b/backend/yarn.lock