CVE-2022-37601 bump it up (#2355)

There's a slew of CVEs that stem from outdated versions in `yarn.lock` and some cruft in `package.json` that should've been removed ages ago: * `hoist-non-react-statics` hasn't been necessary since we yanked out the `injectIntl` hoc in 2018 in PR #696 * `@mdx-js/loader` I think is leftover from some early storybook work but storybook builds happily without it so 🤷 * bump `.github/workflows/ui.yml` from 1.1 to 1.5 to avoid trouble publishing yarn.lock when tests fail Refs CVE-2022-37601 Co-authored-by: John Coburn <[email protected]>
folio-org · Oct 2, 2024 · e5e1421 · e5e1421
1 parent 308daff
commit e5e1421
Show file tree

Hide file tree

Showing 3 changed files with 2,794 additions and 1,423 deletions.
diff --git a/.github/workflows/ui.yml b/.github/workflows/ui.yml
@@ -6,7 +6,7 @@ on:
 
 jobs:
   ui:
-    uses: folio-org/.github/.github/workflows/ui.yml@v1.1
+    uses: folio-org/.github/.github/workflows/ui.yml@v1.5
     secrets: inherit
     with:
       jest-enabled: false

diff --git a/package.json b/package.json
@@ -56,7 +56,6 @@
     "@folio/stripes-cli": "^3.0.0",
     "@folio/stripes-testing": "^4.7.0",
     "@formatjs/cli": "^6.1.3",
-    "@mdx-js/loader": "^1.6.22",
     "@storybook/addon-actions": "^7.6.12",
     "@storybook/addon-essentials": "^7.6.12",
     "@storybook/addon-mdx-gfm": "7.6.12",
@@ -104,7 +103,6 @@
     "downshift": "^9.0.4",
     "flexboxgrid2": "^7.2.0",
     "focus-trap": "^7.5.4",
-    "hoist-non-react-statics": "^3.1.0",
     "json2csv": "^4.2.1",
     "lodash": "^4.17.4",
     "memoize-one": "^6.0.0",