FredrikNoren / ungit

The easiest way to use git. On any platform. Anywhere.
MIT License

Vulnerabilities when installing/updating in the recommended way #1500

Closed tengwar closed 2 years ago

tengwar commented 2 years ago

When I install or update ungit using the method recommended in the readme, npm warns me that there are vulnerabilities. I assume this means the dependencies are vulnerable. There's a hint that I should run npm audit fix --force to fix these vulnerabilities, but this doesn't work. I assume it needs the development environment set up in order to work. This problem happens both on Linux and on Windows.

$ ungit --version
1.5.18+eef7995
$ npm --version
8.3.2
$ node --version
v17.3.0
# npm update -g ungit
npm WARN deprecated mkdirp@0.3.0: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)

changed 216 packages, and audited 217 packages in 16s

11 packages are looking for funding
  run `npm fund` for details

3 vulnerabilities (1 moderate, 2 high)

To address all issues, run:
  npm audit fix --force

Run `npm audit` for details.
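
The output above only gives counts. To decide what the warning actually means for an installed package, it helps to look at the per-finding detail that `npm audit --json` emits, in particular the `fixAvailable` field: `true` means a semver-compatible update exists (plain `npm audit fix` can apply it), an object with `isSemVerMajor: true` means the fix needs a breaking major bump (this is what `--force` would pull in, which can break the package), and `false` means nothing fixed has been published yet. The script below is an added example, not ungit's code or anything from the thread; it assumes the npm 7+ report shape (`auditReportVersion` 2) and uses a constructed sample report with invented package names, not ungit's real dependencies.

```javascript
// Added example (not part of ungit): summarise an `npm audit --json` report
// into "fixable in place", "needs a semver-major bump" and "no fix yet".
// Assumes the npm 7+ report format (auditReportVersion 2).

// Classify one entry from report.vulnerabilities by its fixAvailable field.
function classify(entry) {
  const fix = entry.fixAvailable;
  if (fix === false) return "no-fix";   // nothing fixed published upstream yet
  if (fix === true) return "safe";      // semver-compatible update exists
  if (fix && typeof fix === "object") {
    // object form names the package/version to bump; isSemVerMajor flags a breaking change
    return fix.isSemVerMajor ? "breaking" : "safe";
  }
  return "unknown";
}

// Walk report.vulnerabilities and bucket the findings.
function summarise(report) {
  const vulns = report.vulnerabilities || {};
  const summary = { bySeverity: {}, safe: [], breaking: [], noFix: [], direct: [] };
  for (const [name, entry] of Object.entries(vulns)) {
    summary.bySeverity[entry.severity] = (summary.bySeverity[entry.severity] || 0) + 1;
    if (entry.isDirect) summary.direct.push(name); // direct deps are the maintainer's to bump
    const c = classify(entry);
    if (c === "safe") summary.safe.push(name);
    else if (c === "breaking") summary.breaking.push(name);
    else if (c === "no-fix") summary.noFix.push(name);
  }
  return summary;
}

// Constructed sample report: package names, versions and advisory titles are
// invented for this example and are not ungit's actual dependencies.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-transitive-a": {
      name: "example-transitive-a", severity: "high", isDirect: false,
      via: [{ title: "Prototype pollution (constructed)", severity: "high", url: "https://example.invalid/advisory-1" }],
      effects: ["example-direct-b"], range: "<1.2.3", nodes: ["node_modules/example-transitive-a"],
      fixAvailable: true,
    },
    "example-direct-b": {
      name: "example-direct-b", severity: "high", isDirect: true,
      via: ["example-transitive-a"], effects: [], range: "<=2.0.0", nodes: ["node_modules/example-direct-b"],
      fixAvailable: { name: "example-direct-b", version: "3.0.0", isSemVerMajor: true },
    },
    "example-direct-c": {
      name: "example-direct-c", severity: "moderate", isDirect: true,
      via: [{ title: "ReDoS (constructed)", severity: "moderate", url: "https://example.invalid/advisory-2" }],
      effects: [], range: "*", nodes: ["node_modules/example-direct-c"],
      fixAvailable: false,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 2, critical: 0, total: 3 } },
};

const result = summarise(SAMPLE_REPORT);
console.log("By severity:", result.bySeverity);
console.log("Fixable in place with `npm audit fix`:", result.safe);
console.log("Need a semver-major bump (what --force would install):", result.breaking);
console.log("No fix published yet:", result.noFix);
console.log("Direct dependencies affected:", result.direct);
```

To run it on a real report, save `npm audit --json` output to a file, `JSON.parse` its contents and pass the object to `summarise`. Findings in the "breaking" bucket are the reason `npm audit fix --force` is risky for a package you installed rather than wrote: it swaps in major versions the package was never tested against. For an installed tool the durable remedy is an upstream release with updated dependencies, which is what the maintainer's reply below points to.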

campersau commented 2 years ago

This should be fixed with the latest release https://github.com/FredrikNoren/ungit/releases/tag/v1.5.19

tengwar commented 2 years ago

It now mentions 3 moderate severity vulnerabilities.

$ ungit --version
1.5.19+e355698e
$ npm --version
8.4.0
$ node --version
v17.3.0

EDIT: It was complaining on update (sudo -H npm update -g ungit), but not on reinstall (sudo -H npm remove -g ungit && sudo -H npm install -g ungit). I decided that my lack of understanding of npm may mean I did something wrong and removing ungit is perhaps not enough for a true reinstall. I removed my manual installation of ungit and just installed the distro package.