sudoroom / sudo-humans

hackerspace membership server

fix two dependabot security alerts #90

Open jerkey opened 3 years ago

jerkey commented 3 years ago

GitHub's Dependabot says we need to do something so it can see what versions of pug and ecstatic we're using. This looks like it might be no big deal, but since it's flagging as a possible security issue we should try to fix it. As for ecstatic, there is an actual security issue that's relevant unless we're using a more recent version.

Here's what GitHub says we should do about it:

what to do about pug dependency issue

what to do about ecstatic dependency issue

kenrestivo commented 3 years ago

Those links are 404

kenrestivo commented 3 years ago

Dunno about security alerts, but I ran dependabot on a fork and merged its recommendations https://github.com/kenrestivo/sudo-humans/commits/master

jnny commented 2 years ago

@kenrestivo wanna turn that into a pull request? :)