Open Shepard opened 1 year ago
Thanks for noting this! I've just updated a lot of dependencies in #687. There's still one vulnerability listed for cheerio, which is both a critical piece of this project and one that is very hard to touch, in my experience. We have plans to come back to deal with cheerio soon.
Expected Behavior
No vulnerabilities reported by npm audit / yarn audit.
Current Behavior
Audit reports a bunch of vulnerabilities in dependencies of mercury-parser:
Steps to Reproduce
Detailed Description
I'm trying to keep our software free of vulnerabilities in order to reduce security risks for customers. It is good practice in my mind to update dependencies regularly to avoid any such issues.
Possible Solution
Would be great if these dependencies could be updated or replaced with others where necessary.