leebyron / rollup-plugin-flow

Rollup plugin for removing Flow type annotations.

Dependencies need to be updated to avoid security issues #9

Closed kaiyoma closed 5 years ago

kaiyoma commented 5 years ago

If I run yarn audit in my project, I get warnings about braces because of this security advisory: https://nodesecurity.io/advisories/786

If I'm going down the yarn why rabbit hole correctly, this is happening because
...an old version of braces is being installed, because
...an old version of micromatch is being installed, because
...an old version of rollup-pluginutils is being installed
...which is a dependency of this project

There haven't been any commits here in a year and a half. Could we get some updated dependencies to mitigate security issues?

kaiyoma commented 5 years ago

I just tried a yarn install and yarn audit in this repo and everything looks fine, so the problem must lie elsewhere.

$ yarn audit
yarn audit v1.13.0
0 vulnerabilities found - Packages audited: 12
Done in 0.46s.
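
The kind of trace yarn why gives for the chain in the first comment, as an added example that is not part of the original thread or the project's code. The dependency graph is constructed sample data, and my-app, other-tool and both function names are hypothetical. It lists every path by which a flagged package reaches an install tree and which direct dependencies are responsible.

```javascript
// Constructed sample graph (package -> its dependencies). Only the chain
// rollup-plugin-flow > rollup-pluginutils > micromatch > braces comes from
// the thread; "my-app" and "other-tool" are hypothetical.
const graph = {
  "my-app": ["rollup-plugin-flow", "other-tool"],
  "rollup-plugin-flow": ["rollup-pluginutils"],
  "rollup-pluginutils": ["micromatch"],
  "micromatch": ["braces"],
  "other-tool": ["micromatch"],
  "braces": [],
};

// Return every dependency path from `root` to `target` (depth-first).
// The trail check stops a circular dependency from recursing forever.
function whyInstalled(deps, root, target) {
  const paths = [];
  const walk = (name, trail) => {
    if (trail.includes(name)) return; // cycle guard
    const next = [...trail, name];
    if (name === target) {
      paths.push(next);
      return;
    }
    for (const dep of deps[name] || []) walk(dep, next);
  };
  walk(root, []);
  return paths;
}

// Direct dependencies of `root` through which `target` is reachable:
// these are the entries to upgrade or replace in the consuming project.
function responsibleDirectDeps(deps, root, target) {
  const firstHops = whyInstalled(deps, root, target)
    .map((path) => path[1])
    .filter(Boolean); // drops the case where root itself is the target
  return [...new Set(firstHops)];
}

for (const path of whyInstalled(graph, "my-app", "braces")) {
  console.log(path.join(" > "));
}
console.log("direct deps:", responsibleDirectDeps(graph, "my-app", "braces"));
```

A flagged package can be reachable through more than one direct dependency, so the audit result of a single upstream repository does not by itself settle the result for the consuming project.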