Closed clisterdmello closed 3 years ago
This package is not used in production, and is only used to compile and/or unit test the code. Therefore, any risk is quite low. But yes, it should be possible to update this package version.
Now fixed in uri-js@4.4.1.
    growl@1.9.2:
      version "1.9.2"
      resolved "https://registry.yarnpkg.com/growl/-/growl-1.9.2.tgz#0ea7743715db8d8de2c5ede1775e1b45ac85c02f"

is locked down in yarn.lock version but this version has vulnerabilities. Is it possible to update it to the version that mocha gets in?
    └─┬ mocha@8.1.3
      └── growl@1.10.5
There are other libraries as well. I will make a list of them, but this seemed a little high priority 👍 I can do a PR as well :)