ToothlessGear / node-gcm

A NodeJS wrapper library port to send data to Android devices via Google Cloud Messaging
https://github.com/ToothlessGear/node-gcm

fix: bump dependencies #353

Closed mtrezza closed 2 years ago

mtrezza commented 2 years ago

@ToothlessGear could you please review this PR and make a release to fix the vulnerabilities?

eladnava commented 2 years ago

@mtrezza Thanks for your contribution and suggestion!

I believe it would be preferred by @ToothlessGear and @hypesystem if we only were to update those dependencies with vulnerabilities reported by npm audit, which are lodash and mocha (dev).

I've gone forth and updated the dependencies in https://github.com/ToothlessGear/node-gcm/commit/f268b8bffab59b07e860c522ee206fd103a14365 and published to npm in 1.0.5. Thanks for your help!

mtrezza commented 2 years ago

Thanks for the fast release @eladnava, yes that sounds good and I'll keep that in mind for future PRs.

May I suggest adding Snyk to this repository to fix vulnerabilities faster and without having to wait for a manual PR? These vulnerabilities were open for quite some time. https://github.com/ToothlessGear/node-gcm/issues/354