FormidableLabs / react-swipeable

React swipe event handler hook
https://commerce.nearform.com/open-source/react-swipeable
MIT License

react-swipeable: remediate critical and high security warnings #339

Closed Burnett2k closed 6 months ago

Burnett2k commented 6 months ago

https://github.com/FormidableLabs/react-swipeable/security/dependabot?q=is%3Aopen+severity%3Acritical%2Chigh

Burnett2k commented 6 months ago

Before fixing vulnerabilities, we may need to discuss moving this to newer versions of Node.js.

@carbonrobot Are we planning to continue to support this project?

hartzis commented 6 months ago

👋 heyo! I'm still here and I keep a very prudent eye on issues. It does not have vulnerabilities, since the packages that "have vulnerabilities" are only build packages, not bundled packages.

What sort of re-vamping and TLC do you think it is in need of?

I'm also willing to take this project back under my own ownership if that is something formidable/nearform would be willing to do.

carbonrobot commented 6 months ago

@hartzis Hey friend! Thanks for checking in. This was just part of an OSS audit we did on all packages in the organization, nothing specific to this package in general. I don't see anything here that affects the output runtime, and looking at the built dist from the package there is no shipped dependency with an issue.

The only thing I would worry much about here is the Node deprecation. GitHub Actions (and other providers) will soon stop running anything <18.
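The check described in this thread, confirming that a Dependabot or `npm audit` finding lives only in build tooling and never reaches the published bundle, can be made repeatable. The script below is an added example and is not part of the issue or of react-swipeable's code base. It assumes the npm 7+ `npm audit --json` shape (`vulnerabilities` keyed by package name, with `nodes` install paths); the package.json, audit report and dist contents are constructed samples, not the project's real files.

```javascript
'use strict';

// Constructed stand-in for the library's package.json (not react-swipeable's real manifest).
// The flagged packages live only under devDependencies, mirroring the situation in the issue.
const packageJson = {
  name: 'example-swipe-lib',
  peerDependencies: { react: '>=16' },
  dependencies: {},
  devDependencies: { rollup: '^2.0.0', minimist: '^1.2.0', 'test-runner': '^2.0.0' },
};

// Constructed stand-in for `npm audit --json` output. Only the fields this script reads are
// reproduced (npm 7+ keys `vulnerabilities` by package name; `nodes` are install paths).
const auditReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    minimist: { name: 'minimist', severity: 'critical', isDirect: true, nodes: ['node_modules/minimist'] },
    'left-pad': { name: 'left-pad', severity: 'high', isDirect: false, nodes: ['node_modules/test-runner/node_modules/left-pad'] },
  },
};

// Constructed contents of the files that would ship in the npm tarball (a CJS and an ESM dist).
const distFiles = [
  '"use strict";\nvar React = require("react");\nvar tslib = require("tslib");\nvar helpers = require("./helpers");\n',
  'import { useRef } from "react";\nimport { __assign } from "tslib";\nexport * from "./helpers.mjs";\n',
];

// Reduce a module specifier or node_modules path segment to its package name.
// "@scope/pkg/sub/path" -> "@scope/pkg"; "pkg/sub" -> "pkg".
function packageName(specifier) {
  const parts = specifier.split('/');
  return specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Collect the external packages the built files pull in at runtime via require() or import.
// Relative paths and node: builtins are skipped; returns a sorted, de-duplicated list.
function shippedPackages(sources) {
  const re = /(?:require\(\s*|\bfrom\s+|^\s*import\s+)["']([^"']+)["']/gm;
  const found = new Set();
  for (const src of sources) {
    for (const m of src.matchAll(re)) {
      const spec = m[1];
      if (spec.startsWith('.') || spec.startsWith('/') || spec.startsWith('node:')) continue;
      found.add(packageName(spec));
    }
  }
  return [...found].sort();
}

// The top-level dependency an install path hangs off: "node_modules/a/node_modules/b" -> "a".
function topLevelPackage(nodePath) {
  const rest = nodePath.replace(/^node_modules\//, '');
  return packageName(rest);
}

// Sort each advisory into one of three buckets:
//   runtime   - the package is a declared dependency or is required by the shipped dist
//   buildOnly - every install path hangs off a devDependency and it never appears in dist
//   review    - neither rule fires, so a human has to look
function classify(audit, pkg, sources) {
  const shipped = new Set(shippedPackages(sources));
  const deps = pkg.dependencies || {};
  const devDeps = pkg.devDependencies || {};
  const result = { runtime: [], buildOnly: [], review: [] };
  for (const vuln of Object.values(audit.vulnerabilities)) {
    const name = vuln.name;
    const entry = { name, severity: vuln.severity };
    if (name in deps || shipped.has(name)) {
      result.runtime.push(entry);
      continue;
    }
    const parents = (vuln.nodes || []).map(topLevelPackage);
    const devOnly = parents.length > 0 && parents.every((p) => p in devDeps && !(p in deps));
    (devOnly ? result.buildOnly : result.review).push(entry);
  }
  return result;
}

console.log(JSON.stringify(classify(auditReport, packageJson, distFiles), null, 2));
```

Run against a real project by replacing the three constructed inputs with the parsed `package.json`, the parsed output of `npm audit --json`, and the files listed by `npm pack --dry-run`. Anything landing in `runtime` or `review` is the part of a Dependabot report that actually needs a fix or a closer look; `buildOnly` entries are the case this thread concluded on. `npm audit --omit=dev` gives npm's own view of the same distinction and is a useful cross-check, but it does not look at what the tarball contains, which is why the dist scan is worth keeping.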

carbonrobot commented 6 months ago

All critical and high security vulnerabilities have been reviewed by me, flagged appropriately, and we can now close this issue. No changes to the runtime code are needed.