Closed barnabycollins closed 2 years ago
I updated all dependencies in the djipevents module. Unfortunately, I do not have any control over the vulnerable sub-dependencies.
WEBMIDI.js has been updated to use the latest version of djipevents (2.0.5). The change will go out with the next release.
Thanks for reporting.
I should probably mention that the vulnerable dependencies are only used by tools (i.e. documentation generator) used during development (dev-dependency). They are not direct dependencies of the library.
Ah, thank you for clarifying! Makes a lot of sense; thank you :)
Description
I'm using this module in a project, and upon installing NPM tells me that the sanitize-html dependency contains vulnerabilities. I'm aware that it's underneath several other dependencies, including your own djipevents module, so it's not really a problem with this module, but I thought it could be worth opening an issue here too in order to allow for discussion etc. Are there plans to update the dependencies soon, in order to resolve these issues?
Environment:
Details
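An added example, not part of the original thread and not code from WEBMIDI.js or djipevents: one way to check the dev-dependency distinction discussed above is to read the `dev: true` flag that npm records in a version 2 or 3 `package-lock.json` for packages that exist only in the devDependencies tree. The lockfile below is constructed; `my-app`, `docs-tool`, the function name `classifyPackage` and every version except djipevents 2.0.5 are assumptions.

```javascript
// Constructed sample: a trimmed package-lock.json (lockfileVersion 3) for a
// hypothetical app. "my-app", "docs-tool" and all versions except djipevents
// 2.0.5 are made up for illustration.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": {
      name: "my-app",
      dependencies: { webmidi: "^3.0.0" },
      devDependencies: { "docs-tool": "^1.0.0" },
    },
    "node_modules/webmidi": { version: "3.0.0", dependencies: { djipevents: "^2.0.5" } },
    "node_modules/djipevents": { version: "2.0.5" },
    "node_modules/docs-tool": { version: "1.0.0", dev: true, dependencies: { "sanitize-html": "^1.0.0" } },
    "node_modules/sanitize-html": { version: "1.0.0", dev: true },
  },
};

// Report every installed copy of `name` and whether it exists only in the
// devDependencies tree (npm sets `dev: true` on such entries).
function classifyPackage(lock, name) {
  if (!lock || !lock.packages || typeof lock.packages !== "object") {
    throw new Error("expected a lockfileVersion 2 or 3 lockfile with a 'packages' map");
  }
  const suffix = "node_modules/" + name;
  const entries = Object.entries(lock.packages);
  const installs = entries
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, e]) => ({ path, version: e.version, devOnly: e.dev === true }));
  // Who declares it as a dependency (matched by name; nested resolution is not modelled).
  const requiredBy = entries
    .filter(([, e]) => (e.dependencies && name in e.dependencies) ||
                       (e.devDependencies && name in e.devDependencies))
    .map(([path]) => path || "(root project)");
  return {
    installs,
    requiredBy,
    // True only when at least one copy exists and none of them is a runtime install.
    devOnly: installs.length > 0 && installs.every((i) => i.devOnly),
  };
}

console.log(JSON.stringify(classifyPackage(sampleLock, "sanitize-html"), null, 2));
```

A `devOnly: false` result for a flagged package means at least one copy is installed for runtime use, which is the case that warrants prioritising the upgrade.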