findup-sync v2 relies on insecure dependancies

[carpiediem]

Dependencies include kind-of v3 and braces v2. The current release of findup-sync is 4.0.0

https://github.com/jonschlinkert/git-branch/pull/12

[tilman]

As a workaround you can add this to your package.json (works with pnpm or yarn):

{
  ...
  "resolutions": {
    "findup-sync": "^4.0.0"
  }
  ...
}

The package seems to work with findup-sync 4.0.0 without any problems.