sqlectron / sqlectron-core

https://sqlectron.github.io/
MIT License
221 stars 69 forks source link

replace valida dependency with valida2 #83

Closed MasterOdin closed 4 years ago

MasterOdin commented 4 years ago

valida appears to be unsupported (last commit was in 2017) and has a reported vulnerability on one of its dependencies (is-float). While the vulnerability is not actually an issue (as it's only if you use cli interface of is-float, which we do not), there's no point ignoring it. valida2 will also be worked upon to give typings and such in the future.

This, combined with #82, should resolve all outstanding vulnerabilities reported by npm audit.