
chore: update npm minor #4904


Merged
merged 1 commit into from
Jun 5, 2025
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -623,7 +623,7 @@ For Go **package naming**, we follow this [guideline](https://blog.golang.org/pa
- https://github.com/jestjs/jest/issues/15325
4. There is a known security vulnerability with [esbuild 0.17.19](https://github.com/ues-io/uesio/security/dependabot/52) which is due to [@modern-js/node-bundle-require](https://github.com/web-infra-dev/modern.js/issues/6993) that is pinned to that esbuild version since it maintains support for [Node 16 until June 30, 2025](https://github.com/web-infra-dev/modern.js/issues/6993#issuecomment-2791792837). To workaround, adding overriding for [esbuild](./package.json#L176).
- TODO: Once https://github.com/web-infra-dev/modern.js/issues/6993 is resolved/merged/released, the override for esbuild in package.json can be removed.
5. There is a known security vulnerability with [koa 2.15.4](https://github.com/ues-io/uesio/security/dependabot/51) which is due to [@module-federation/dts-plugin](https://github.com/module-federation/core/pull/3683) which [@nx/module-federation](https://github.com/nrwl/nx/blob/master/packages/module-federation/package.json#L34) indirectly depends on via `@module-federation/enhanced`. Once https://github.com/module-federation/core/pull/3683 is merged/released, will need to wait for `nx` to update its version, possibly covered by https://github.com/nrwl/nx/issues/30502.
- TODO: Monitor https://github.com/module-federation/core/pull/3683 for resolution and then `nx` for updating to use the new version via https://github.com/nrwl/nx/pull/30806 (see also https://github.com/nrwl/nx/issues/30748 & https://github.com/nrwl/nx/issues/30502).
5. There is a known security vulnerability with [koa 2.15.4](https://github.com/ues-io/uesio/security/dependabot/51) which is due to [@module-federation/dts-plugin](https://github.com/module-federation/core/pull/3683) which [@nx/module-federation](https://github.com/nrwl/nx/blob/master/packages/module-federation/package.json#L34) indirectly depends on via `@module-federation/enhanced`. Once https://github.com/module-federation/core/pull/3683 is merged/released, will need to wait for `nx` to update its version, possibly covered by https://github.com/nrwl/nx/issues/30502 and/or https://github.com/nrwl/nx/issues/30748.
- TODO: Monitor https://github.com/module-federation/core/pull/3683 for resolution and then `nx` for updating to use the new version via https://github.com/nrwl/nx/pull/30806 or https://github.com/nrwl/nx/pull/31435 (see also https://github.com/nrwl/nx/issues/30748 & https://github.com/nrwl/nx/issues/30502).
6. `tailwind-merge` v3.x requirese tailwind 4 so sticking with v2.x until the uesio styling system can be refactored and/or testing can be performed with how, if at all due to tailwind v4 base, the other tailwind dependencies interoperate with `tailwind-merge` v3.x.
7. `@twind/*` packages have their `typescript` dependency overridden to our current `typescript` version due to [peer deps warning](https://github.com/tw-in-js/twind/issues/513). This package no longer appears to be maintained and, similar to `tailwind-merge`, an alternate solution should be researched including refactoring the uesio styling system as a whole.
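
Review bot: The updated item 5 and its TODO for koa 2.15.4 still only list upstream issues and PRs to watch, and do not say what has to change in this repository once one of them ships. Item 4 does this for esbuild: it names the override in package.json and states when it can be removed. Suggest adding the exit condition here as well, for example that the entry can be dropped once `nx` pulls in the fixed `@module-federation/dts-plugin` and Dependabot alert 51 closes, and noting whether an override for koa was considered as an interim measure the way one was added for esbuild. With two candidate nx PRs now listed ("30806 or 31435"), it would also help to say which one is being tracked as the likely fix, so the TODO does not keep growing links without a decision point.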