Haroenv
commented
3 years ago The only dependencies are Gatsby, algoliasearch and lodash.chunk, so it's natural they don't need to be updated often.
I just received https://github.com/algolia/gatsby-plugin-algolia/pull/120 to fix the yargs "vulnerability" (code isn't used here), but will likely move to making Gatsby a peer dependency and avoiding this issue in the future
It would be nice to see the dependencies upgraded for this project. Looks like the
yarn.lockfile hasn't been touched in 3 years? GitHub's dependabot tool shows 28 security issues that could be resolved by updating the packages