Closed mtrezza closed 2 years ago
@ToothlessGear could you please review this PR and make a release to fix the vulnerabilities?
@mtrezza Thanks for your contribution and suggestion!
I believe it would be preferred by @ToothlessGear and @hypesystem if we only were to update those dependencies with vulnerabilities reported by npm audit
, which are lodash
and mocha
(dev).
I've gone forth and updated the dependencies in https://github.com/ToothlessGear/node-gcm/commit/f268b8bffab59b07e860c522ee206fd103a14365 and published to npm in 1.0.5
. Thanks for your help!
Thanks for the fast release @eladnava, yes that sounds good and I'll keep that in mind for future PRs.
May I suggest to add snyk to this repository to fix vulnerabilities faster and without having to wait for a manual PR? These vulnerabilities were open for quite some time. https://github.com/ToothlessGear/node-gcm/issues/354
4 vulnerabilities (1 low, 2 moderate, 1 high)
to1 low