Closed nsaje closed 7 months ago
Dependabot security issue is no longer there (withdrawn? not sure) but sync-engine uses 2.10.6
Not sure if that impacts prioritization @nsaje ?
It doesn't, we should still do this. It's not there because we ignored the alert in Vanta and created this issue to track the upgrade.
It was initially postponed because sync-engine was still using Redis v3 or something and we had to upgrade it to v7 first before upgrading this lib.
https://github.com/closeio/sync-engine/security/dependabot/18