Update devDependency - Githubissues

apostrophecms / random-words

Generate one or more common English words. Intended for use as sample text, for example generating random blog posts for testing

MIT License

249 stars 72 forks source link

Update devDependency #19

Closed thechickennagget closed 3 years ago

thechickennagget commented 4 years ago

update mocha from 7.1.1 to 7.2.0

fugafree commented 3 years ago

Mocha 7.2.0 has a vulnerable transitive dependency: Lodash 4.17.15 (via yargs-unparser:1.6.0) Wouldn't it be better to upgrade to at least 8.1.0 to avoid this lib?

Vulnerabilities: https://nvd.nist.gov/vuln/detail/CVE-2020-8203 https://nvd.nist.gov/vuln/detail/CVE-2021-23337 https://nvd.nist.gov/vuln/detail/CVE-2020-28500

thechickennagget commented 3 years ago

Mocha 7.2.0 has a vulnerable transitive dependency: Lodash 4.17.15 (via yargs-unparser:1.6.0) Wouldn't it be better to upgrade to at least 8.1.0 to avoid this lib?

i made this pull request more than a year ago