duhrer
commented
2 years ago We already use npm-audit-resolve, just need to exclude some newer dev vulnerabilities.
Closed duhrer closed 2 years ago
duhrer
commented
2 years ago We already use npm-audit-resolve, just need to exclude some newer dev vulnerabilities.
duhrer
commented
2 years ago I couldn't update node-fetch, as it's jumped over to ES6-land in the latest version.
In working on another pull (#92) I noticed that the security audit check in the workflow failed. We should update dependencies as far as possible anyway, but if there are any leftover or we can't upgrade, we might want to migrate to using npm-audit-resolve for CI.