Fix vulnerabilities

[annam002]

The current version 1.3.12 of Figma code connect has security vulnerabilities. They keep us from integrating Figma code connect into our workflow.

The vulnerabilities are in the packages lodash and undici. For both packages, there are patched versions. However, when using these patched versions (via the overrides section in package.json), we run into synchronisation failures when trying to publish.

It would be nice if Figma Connect could be updated to so it does not bring about security vulnerabilities.

[rgullyfigma]

Hi @annam002 - thanks for reaching out. What synchronisation failures do you encounter when trying to publish?

[annam002]

The synchronisation failure is gone now. Seems to have been unrelated to the library versions after all. So, scratch that, sorry.
What remains is that the figma code connect library brings about these vulnerabilities.

[trevorkwhite]

+1 to this issue, ran into it on dependabot this morning

[literalpie]

Specifically, there's a dependency on loads 4.17.21, which has this CVE. Updating to the latest patch version should be pretty easy.