prescottprue / react-redux-firebase

Redux bindings for Firebase. Includes React Hooks and Higher Order Components.
https://react-redux-firebase.com
MIT License
2.55k stars 559 forks

📦 Dependencies need updating #1143

Closed sesam closed 2 years ago

sesam commented 2 years ago

Do you want to request a feature or report a bug?

Bug: regular maintenance needed!

What is the current behavior?

Missing out on easy regular updates, beginning with security updates.

Reproduce

npm audit and dependabot too have been signaling about this for a while.

What is the expected behavior?

Community, supported by maintainer(s), release regular package updates to keep up with security issues.

Which versions of dependencies, and which browser and OS are affected by this issue? Did this work in previous versions or setups?

sesam commented 2 years ago

Checking out latest main branch (commit 03be8819bf41483f964e509c6e523f58d024dffc) and running npm install gave this:

found 340 vulnerabilities (25 low, 117 moderate, 166 high, 32 critical)

Most are related to devDeps, primarily gitbook and gitbook-cli which haven't been updated for several years.

But there are also some that really should be taken care of. And dependabot usually knows very well what pays off to fix.

sesam commented 2 years ago

~npm test passes on commit 6e4270c but not on latest master on commit 03be881 it seems.~ With npm audit fix it did fix up something more than the tests could cope with.

prescottprue commented 2 years ago

Included in v3.10.1