Closed kaiyoma closed 5 years ago
I just tried a yarn install and yarn audit in this repo and everything looks fine, so the problem must lie elsewhere.
$ yarn audit
yarn audit v1.13.0
0 vulnerabilities found - Packages audited: 12
Done in 0.46s.
If I run yarn audit in my project, I get warnings about braces because of this security advisory: https://nodesecurity.io/advisories/786

If I'm going down the yarn why rabbit hole correctly, this is happening because ...
an old version of braces is being installed, because ...
an old version of micromatch is being installed, because ...
an old version of rollup-pluginutils is being installed ...
which is a dependency of this project

There haven't been any commits here in a year and a half. Could we get some updated dependencies to mitigate security issues?
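
The chain traced with yarn why in the report above can also be read directly from a yarn.lock (v1) file. The following JavaScript is an added example, not part of the original thread or of the project's code: the lockfile excerpt is constructed, its version numbers are made up, and example-plugin is a hypothetical stand-in for this project.

```javascript
// Constructed yarn.lock v1 excerpt: versions are made up, example-plugin is hypothetical.
const SAMPLE_LOCK = `
example-plugin@^1.0.0:
  version "1.0.0"
  dependencies:
    rollup-pluginutils "^1.0.0"
rollup-pluginutils@^1.0.0:
  version "1.0.0"
  dependencies:
    micromatch "^1.0.0"
micromatch@^1.0.0:
  version "1.0.0"
  dependencies:
    braces "^1.0.0"
braces@^1.0.0, braces@^1.0.1:
  version "1.0.1"
`;
const unquote = (s) => s.replace(/^"|"$/g, "");
// Parse lockfile entries into a Map keyed by "name@range".
function parseLock(text) {
  const entries = new Map();
  let cur = null, inDeps = false;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    const [field, value] = line.trim().match(/^(\S+)(?: (.+))?$/).slice(1);
    if (!line.startsWith(" ")) {            // header: one or more "name@range" keys
      cur = { version: null, deps: [] }; inDeps = false;
      for (const key of line.replace(/:$/, "").split(", ").map(unquote)) {
        cur.name = key.slice(0, key.lastIndexOf("@")); // keeps "@scope/name" intact
        entries.set(key, cur);
      }
    } else if (/^ {2}\S/.test(line)) {      // entry field at two-space indent
      if (field === "version") cur.version = unquote(value);
      inDeps = /^(optionalD|d)ependencies:$/.test(field);
    } else if (inDeps) cur.deps.push(`${unquote(field)}@${unquote(value)}`);
  }
  return entries;
}

// Return every chain from the root keys down to `target`, as yarn why reports it.
function whyInstalled(entries, rootKeys, target, path = []) {
  return rootKeys.flatMap((key) => {
    const e = entries.get(key);
    const id = e && `${e.name}@${e.version}`;
    if (!e || path.includes(id)) return []; // unknown key or dependency cycle
    return e.name === target ? [[...path, id]] : whyInstalled(entries, e.deps, target, [...path, id]);
  });
}
console.log(whyInstalled(parseLock(SAMPLE_LOCK), ["example-plugin@^1.0.0"], "braces"));
```

To run it on a real project, pass the contents of yarn.lock to parseLock and use the name@range pairs from package.json as the root keys.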