popa-marius
commented
4 years ago Since I did not see any activity on this Issue or the PR I am considering the project inactive.
If there are others like me, which do no want to switch to an alternative of this project, but want the vulnerabilities fixed, I created a fork with the fixes and also released it so they can be used directly from NPM:
https://www.npmjs.com/package/@popa-marius/pushstate-server https://github.com/popa-marius/pushstate-server
Currently there are these vulnerabilities present in the current dependencies of js-yaml and minimist:
I created this PR as a fix https://github.com/scottcorgan/pushstate-server/pull/89
A need for update PRs could be avoided in the future if there is a switch done from fixed dependency versioning to a patch versioning scheme
~.