Running npm audit against latest package version reveals several problems which likely need dependency updates in this library.
First and foremost is the fact that this package still relies on jade rather modern pug replacement. There are 5 vulnerabilities related to this package alone.
Second, an update should be made to multimatch to get latest version which would eliminate underlying lodash vulnerabilities as multimatch no longer uses this package as dependency.
Running
npm audit
against latest package version reveals several problems which likely need dependency updates in this library.First and foremost is the fact that this package still relies on
jade
rather modernpug
replacement. There are 5 vulnerabilities related to this package alone.Second, an update should be made to
multimatch
to get latest version which would eliminate underlyinglodash
vulnerabilities asmultimatch
no longer uses this package as dependency.This would leave only a single remaining vulnerability exposed by the
multimatch
library for which I have already opened an issue - https://github.com/sindresorhus/multimatch/issues/26