axkibe
commented
2 years ago PS: maybe ava should anyway be under "devDependencies"?
Open axkibe opened 2 years ago
axkibe
commented
2 years ago PS: maybe ava should anyway be under "devDependencies"?
I get several warnings from
npm audit, all because of bibtex-parse-js using a very old version of ava. (which in turn uses other packages with serious security risks).uses 0.15.2, current 4.3.3
-> Please update/upgrade your dependencies.
Note that npm install/upgrade will only update minor versions by itself not major.
Audit issues for ava are: 0.6.0 - 2.4.0