Closed sesam closed 2 years ago
Checking out latest main branch (commit 03be8819bf41483f964e509c6e523f58d024dffc) and running npm install
gave this:
found 340 vulnerabilities (25 low, 117 moderate, 166 high, 32 critical)
Most are related to devDeps, primarily gitbook and gitbook-cli which haven't been updated for several years.
But there are also some that really should be taken care of. And dependabot usually knows very well what pays off to fix.
~npm test
passes on commit 6e4270c but not on latest master on commit 03be881 it seems.~
With npm audit fix
it did fix up something more than the tests could cope with.
Included in v3.10.1
Do you want to request a feature or report a bug?
Bug: regular maintenance needed!
What is the current behavior? Missing out on easy regular updates, beginning with security updates.
Reproduce
npm audit
and dependabot too has been signaling about this for a while.What is the expected behavior? Community, supported by maintaner(s), release regular package updates to keep up with security issues.
Which versions of dependencies, and which browser and OS are affected by this issue? Did this work in previous versions or setups?