calvinmetcalf / crypto-pouch

plugin for encrypted pouchdb/couchdb databases
MIT License

moderate vulnerabilities in crypto-pouch #76

Closed joemc11 closed 3 years ago

joemc11 commented 3 years ago
  1. Install crypto-pouch
  2. run yarn audit
  3. moderate vulnerabilities discovered in package

[Screenshot 2021-03-08 at 19 06 16]

jonathanmcchesney commented 3 years ago

This is also an issue for our team too. Is crypto-pouch still being supported?

garbados commented 3 years ago

Hi folks,

This has been resolved as of the new refactor!

```
$ npm audit
# npm audit report

node-fetch  <=2.6.0 || 3.0.0-beta.1 - 3.0.0-beta.8
Denial of Service - https://npmjs.com/advisories/1556
fix available via `npm audit fix --force`
Will install pouchdb@7.0.0, which is a breaking change
node_modules/node-fetch
  pouchdb  >=7.1.0
  Depends on vulnerable versions of node-fetch
  node_modules/pouchdb

2 low severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
```

Closing this issue for now but let me know if you have any issues and we can reopen :)