Open sarathms opened 4 years ago
This will take longer than expected. Some dependencies are not trivial to upgrade to latest version. It might be possible to upgrade to some intermediate version with minimal code changes, but to find such versions will take the same time to make changes to work with all latest versions.
Github reports vulnerabilities in dependent packages. https://github.com/ooni/orchestra/network/alerts
Dependabot has opened #76 to upgrade
next
to4.x.x
, maybe it can be upgraded to more recent versions closer to the latest9.x.x
Other indirect dependencies can be fixed by pinning versions under
resolutions
inpackage.json
.