Update project dependencies to resolve vulnerability warnings (currently 113)

[brylie]

Running npm audit on the Vocabulary project warns of 113 vulnerabilities as of 2021-11-02. Granted, many of the vulnerabilities may be relatively low impact, particularly if they only pertain to devDependencies. However, we should upgrade our dependencies to reduce the warnings and improve the health of our project.

Task

• [ ] run npm audit to identify security vulnerabilities
• [ ] run npm audit --fix to automatically fix as many vulnerabilities as is possible
  • [ ] test the project to ensure it runs with the automatic fixes
• [ ] identify any packages with vulnerabilities that cannot be fixed automatically
• [ ] locate or create upstream bug reports related to the projects that cannot be upgraded
• [ ] consider removing redundant or unneeded dependencies

[brylie]

@Cronus1007, would you consider helping out with this task?

[Cronus1007]

@brylie Sure I will have a look upon this issue during this weekend

[brylie]

Thanks! I really appreciate it. :smiley:

[Cronus1007]

@brylie I have started working upon this issue. Once I would be able to get major work done regarding this issue I will raise a PR.

[Cronus1007]

@brylie Can you please have a look at the Github security policy of the repository since it can help me a lot to resolve this issue and also attach the screenshot of the security policy?

[brylie]

@Cronus1007 I'm not sure what GitHub security policy you're referring to. We have dependabot enabled on this repository.

In any case, the issue is related to the security vulnerabilities reported when running npm audit. Please review the npm audit output for further details.

[ShadyResurrected]

can i be assigned this issue

[possumbilities]

This project is moving towards being archived, and this item is no longer on the roadmap. Closing