update dependencies to fix some vulnerabilities

twolfson / grunt-spritesmith

Grunt task for converting a set of images into a spritesheet and corresponding CSS variables

MIT License

1.14k stars 92 forks source link

update dependencies to fix some vulnerabilities #174

Closed striezel closed 3 years ago

striezel commented 3 years ago

There are too many vulnerabilities to mention (> 40).

npm audit still shows a few vulnerabilities, but they need to be fixed by someone with a deeper understanding of grunt-spritesmith.

striezel commented 3 years ago

Checks on Travis failed, because Node.js was too old:

npm WARN npm npm does not support Node.js v8.17.0
npm WARN npm You should probably upgrade to a newer version of node as we
npm WARN npm can't make any promises that npm will work with this version.
npm WARN npm You can find the latest version at https://nodejs.org/

So I took the liberty to update that as well.

twolfson commented 3 years ago

Awesome! Thanks for patching these vulnerabilties and fixing up Travis CI! =D

Going to tweak some items post-landing (i.e. prefer ~ for all dependencies due to poor experiences in the past (^ is exception for ones I maintain/part of this ecosystem), drop Node@15, add Node@16)

twolfson commented 3 years ago

This has been released in 6.9.0. Thanks again for the PR! =D