There are 2 vulnerabilities in js-yaml that svgo used to have on its dependency list. svgo maintainers fixed that issue with the release of 1.2.2, however crass is still using outdated version of svgo (0.7.2) causing vulnerability notifications to pop out on npm, which in result might scare off many people from using that amazing tool.
There are 2 vulnerabilities in
js-yamlthatsvgoused to have on its dependency list.svgomaintainers fixed that issue with the release of1.2.2, howevercrassis still using outdated version ofsvgo(0.7.2) causing vulnerability notifications to pop out on npm, which in result might scare off many people from using that amazing tool.Related vulnerabilities: https://npmjs.com/advisories/813 https://npmjs.com/advisories/788