chore: update package.json to do not reference vulnerable dependency

medikoo / memoizee

Complete memoize/cache solution for JavaScript

ISC License

1.73k stars 61 forks source link

chore: update package.json to do not reference vulnerable dependency #134

Closed kopach closed 3 months ago

kopach commented 3 months ago

fix: #133

note, no changes to package-lock.json since correct version already referenced there (which still didn't stop security scanners from blaming this repo/package)

kopach commented 3 months ago

@medikoo, please, take a look

medikoo commented 3 months ago

@kopach thanks for reaching out, and attempt of taking care of that 👍 Still I follow the process where dependencies are automatically bumped with new release.

And to mark corrensponding issue closed, I've just released v0.4.16 with es5-ext bumped

kopach commented 3 months ago

Sure thing. Thanks for sorting this out