[Question] Vulnerability Handling and pinned versions in exposed dependencies #796
Description
I was just wondering if it might be an option to at least allow any bugfix version in the dependencies you have specified.
Currently the dependencies are completely fixed. And in a case like now, that a peer dependency has a vulnerability (@nestjs/core) that is, you would need a new release to include the available bugfix.
I was wondering if it might be an option to open up a bit and allow any bugfix versions.
"node_modules/@openapitools/openapi-generator-cli": { ... "dependencies": { "@nestjs/axios": "3.0.2", "@nestjs/common": "10.3.0", "@nestjs/core": "10.3.0", // <- this currently has a high vulnerability, but just a clean install won't fix it due to pinned version "@nuxtjs/opencollective": "0.3.2", "axios": "1.7.4", "chalk": "4.1.2", "commander": "8.3.0", "compare-versions": "4.1.4", "concurrently": "6.5.1", "console.table": "0.10.0", "fs-extra": "10.1.0", "glob": "7.2.3", "https-proxy-agent": "7.0.4", "inquirer": "8.2.6", "lodash": "4.17.21", "reflect-metadata": "0.1.13", "rxjs": "7.8.1", "tslib": "2.6.2" }, ... }