Running npm audit fix didn't get them all. I had to run npm audit fix --force to fix them all. It said some dependencies had breaking changes, but everything's working for me so maybe it's looking at the version number changes. Either way, GitHub also has a service where it will automatically pull-request changes to vulnerable packages.
I would love it if this library could be updated with these changes.
I went ahead and ran
npm install
and it found quite a few vulnerable packages:Running
npm audit fix
didn't get them all. I had to runnpm audit fix --force
to fix them all. It said some dependencies had breaking changes, but everything's working for me so maybe it's looking at the version number changes. Either way, GitHub also has a service where it will automatically pull-request changes to vulnerable packages.I would love it if this library could be updated with these changes.