mapbox / geojsonhint

IMPORTANT: This repo will be archived. Use @placemarkio/check-geojson instead
ISC License

Remove unused underscore dependency #89

Closed omarkhan closed 1 year ago

omarkhan commented 1 year ago

I know you're not accepting new pull requests, but this is security-related and a very small change.

The underscore dependency is pinned to version 1.12.1 in package.json. ~This version has a security vulnerability that I can't resolve by upgrading underscore in my application, because geojsonhint pins an exact version.~

I was going to change it to specify a version range (^1.12.1), but then I realized that underscore is not actually used, so this removes it entirely. The tests pass.

EDIT: The vulnerability is actually in the version of underscore specified in the jsonlint-lines dependency.

a-s8h commented 1 year ago

FYI: removed in separate pull request
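
The check described in the first comment, as an added example that is not code from this pull request or from geojsonhint: it lists every chain through which `underscore` is requested and marks which requests are exact pins and which are declared but never required. The manifests and the `requiredInSource` table are constructed sample data; only the `1.12.1` pin comes from the thread.

```javascript
// Constructed manifests (sample data). Only underscore "1.12.1" in geojsonhint
// is taken from the thread; every other version is a 0.0.0 placeholder.
const manifests = {
  'my-app': { dependencies: { geojsonhint: '^0.0.0', underscore: '^0.0.0' } },
  geojsonhint: { dependencies: { 'jsonlint-lines': '^0.0.0', underscore: '1.12.1' } },
  'jsonlint-lines': { dependencies: { underscore: '0.0.x' } },
  underscore: { dependencies: {} },
};

// Constructed list of the modules each package's source actually require()s.
const requiredInSource = {
  'my-app': ['geojsonhint', 'underscore'],
  geojsonhint: ['jsonlint-lines'],
  'jsonlint-lines': ['underscore'],
};

// An exact pin is a bare x.y.z version: no ^, ~, comparator, x-range or wildcard.
const isExactPin = (spec) => /^=?\s*v?\d+\.\d+\.\d+(-[\w.]+)?$/.test(spec);

// Walk the declared graph from `root`; return every chain that ends at `target`.
function findRequesters(root, target, trail = [root], out = []) {
  const deps = (manifests[root] || {}).dependencies || {};
  for (const [name, spec] of Object.entries(deps)) {
    if (name === target) {
      out.push({
        path: [...trail, name].join(' > '),
        spec,
        exactPin: isExactPin(spec),
        // false means the package declares the dependency but never loads it
        usedByParent: (requiredInSource[root] || []).includes(name),
      });
    } else if (!trail.includes(name)) { // guard against dependency cycles
      findRequesters(name, target, [...trail, name], out);
    }
  }
  return out;
}

for (const r of findRequesters('my-app', 'underscore')) {
  console.log(`${r.path}  spec=${r.spec}  exactPin=${r.exactPin}  used=${r.usedByParent}`);
}
```

On a real project, `npm ls underscore` reports the installed chains; the sketch adds the two properties the thread turns on, the exact pin and the unused declaration.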