Closed BrettMontaigne closed 1 year ago
Reviewing this internally. Thanks for reporting @BrettMontaigne
Thanks for reporting @BrettMontaigne! We have recently implemented some workflows to automatically ensure our dependencies are kept up-to-date going forward.
Note that past vulnerabilities should not be any cause for concern as this tool does not create a server, nor execute any untrusted code on the user's behalf.
npm install yields
16 vulnerabilities (7 moderate, 5 high, 4 critical)
forcing a patch introduces breaking changes and more vulnerabilities in the audit tree
Is there an existing feature branch getting these to 0?
-Brett-