Thank you for this wonderful package that I use on a Nova project.
I have noticed through by CI security pipeline that some npm packages are outdated and have vulnerabilities :
> grype --only-fixed -o table dir:./
✔ Vulnerability DB [no update available]
✔ Indexed file system .
✔ Scanned for vulnerabilities [6 vulnerability matches]
├── by severity: 1 critical, 1 high, 4 medium, 0 low, 0 negligible
└── by status: 6 fixed, 0 not-fixed, 0 ignored
[0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
@babel/traverse 7.21.4 7.23.2 npm GHSA-67hx-6x53-jw92 Critical
axios 0.27.2 1.6.0 npm GHSA-wf5p-g6vw-rhxx Medium
browserify-sign 4.2.1 4.2.2 npm GHSA-x9w5-v3q2-3rhw High
postcss 8.4.22 8.4.31 npm GHSA-7fh5-64p2-3v2j Medium
semver 6.3.0 6.3.1 npm GHSA-c2qf-rxjj-qqgw Medium
semver 7.5.0 7.5.2 npm GHSA-c2qf-rxjj-qqgw Medium
Would it be possible to update the PHP/JS dependencies ? Otherwise, I'll have to fork the repository.
Hello,
Thank you for this wonderful package that I use on a Nova project.
I have noticed through by CI security pipeline that some npm packages are outdated and have vulnerabilities :
Would it be possible to update the PHP/JS dependencies ? Otherwise, I'll have to fork the repository.