frontend-build: update immer package

Description

Our fronend-app-payment pre-commit check shows a high failure for the immer package in frontend-build

It looks like frontend-build is currently using version 1.10.0 (2 years old) and should be updated to 8.0.1 to fix this issue: https://www.npmjs.com/advisories/1603

 === npm audit security report ===  

Manual Review                                

Some vulnerabilities require your attention to resolve           

Visit https://go.npm.me/audit-guide for additional guidance  

High

Prototype Pollution

Package

immer

Patched in

>=8.0.1     

 Dependency of

@edx/frontend-build [dev]      

 Path 

 @edx/frontend-build > react-dev-utils > immer    

 More info 

https://npmjs.com/advisories/1603   

Steps to Reproduce

None

Current Behavior

None

Expected Behavior

None

Reason for Variance

None

Release Notes

None

User Impact Summary

None

Activity

Show:
Diane Kaplan
February 26, 2021, 3:37 PM

here you go!

Done

Assignee

Adam Stankiewicz

Reporter

Diane Kaplan

Labels

None

Reach

None

Impact

None

Platform Area

None

Customer

None

Partner Manager

None

URL

None

Contributor Name

None

Groups with Read-Only Access

None

Actual Points

None

Category of Work

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Priority

Unset