Sharlaan / material-ui-superselectfield

multiselection autocomplete dropdown component for Material-UI
https://sharlaan.github.io/material-ui-superselectfield
MIT License
266 stars 92 forks

Package as of 1.9.2 shows as vulnerable on snyk #162

Closed cyphercider closed 6 years ago

cyphercider commented 6 years ago

Hey, great package. A vulnerability scan shows some out of date dependencies for codecov.io causing vulnerabilities within this package. I'm just starting using snyk and I don't see codecov.io in your package.json, so I'm not sure why that dependency is showing up on snyk...but just wanted to make sure you were aware.

https://snyk.io/test/npm/material-ui-superselectfield/1.9.2?

Sharlaan commented 6 years ago

Mmmmm, I just investigated through Snyk.io and got a different report: https://i.imgur.com/1ZKo3CY.png

Looks to me like a false positive from npm adding these 2 deps (codecov and coveralls) to published packages?

I have added Snyk to our CI, thanks @tamethecomplex

Westbrook commented 6 years ago

I'm running into this with v1.9.5 when testing my app via npm audit. It seems to be coming from https://github.com/Sharlaan/material-ui-superselectfield/blob/master/.travis.yml#L11 when you add these packages for use in the CI.

Some versions of the test will not fail if you simply move that to add -D and keep them in development dependencies; however, if you don't actually need them except for the testing phase, you could also just yarn remove them after the test command...

It would be really great not to have these failures in my repo, so let me know if there is anything I could do to help this along.
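The failure mode in this thread is CI-only tooling (codecov, coveralls) being installed without `-D` during the CI run, so it ends up under `dependencies` and ships to every consumer's `npm audit` / Snyk report. The following is an added example, not code from the material-ui-superselectfield project: a small Node.js check that flags CI-only tools found in a manifest's `dependencies` and produces a corrected manifest with them moved to `devDependencies`. The list of tool names and the sample package.json are constructed for illustration; the project's real manifest is not reproduced here.

```javascript
// Added example (not part of the material-ui-superselectfield project).
// Detect CI/test-only tooling that has leaked into a published package's runtime
// "dependencies", and produce a corrected manifest moving it to "devDependencies".

// Constructed list of tools that are only needed during CI/test, never at runtime.
const CI_ONLY_TOOLS = new Set(['codecov', 'coveralls', 'nyc', 'jest', 'mocha']);

// Return the sorted names of CI-only tools found under "dependencies".
function findMisplacedCiDeps(pkg) {
  const runtime = pkg.dependencies || {};
  return Object.keys(runtime)
    .filter((name) => CI_ONLY_TOOLS.has(name))
    .sort();
}

// Return a copy of the manifest with each misplaced tool moved to devDependencies.
// The original object is left untouched.
function moveCiDepsToDev(pkg) {
  const fixed = {
    ...pkg,
    dependencies: { ...(pkg.dependencies || {}) },
    devDependencies: { ...(pkg.devDependencies || {}) },
  };
  for (const name of findMisplacedCiDeps(pkg)) {
    fixed.devDependencies[name] = fixed.dependencies[name];
    delete fixed.dependencies[name];
  }
  return fixed;
}

// Parse a package.json text and return both the findings and the corrected manifest.
function runCheck(jsonText) {
  const pkg = JSON.parse(jsonText);
  return { leaked: findMisplacedCiDeps(pkg), fixed: moveCiDepsToDev(pkg) };
}

// Constructed sample manifest mimicking the situation described in the issue:
// `yarn add codecov coveralls` run in CI without `-D` has put both tools under
// "dependencies". Names and versions are made up for this example.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'example-component',
  version: '0.0.0-example',
  dependencies: { react: '^16.0.0', codecov: '^3.0.0', coveralls: '^3.0.0' },
  devDependencies: { eslint: '^5.0.0' },
});

// Stand-alone run: print what leaked and the corrected manifest.
const report = runCheck(SAMPLE_PACKAGE_JSON);
console.log('CI-only tools found in dependencies:', report.leaked.join(', ') || 'none');
console.log(JSON.stringify(report.fixed, null, 2));
```

Running this against the sample reports `codecov, coveralls` as leaked and prints a manifest whose `dependencies` contains only `react`, with both tools moved under `devDependencies` alongside `eslint`. Wiring `runCheck` into a pre-publish step (for example reading `package.json` from disk) turns the consumer-side audit failure described above into a maintainer-side check that fails before the package is published.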