Describe the bug
A clear and concise description of what the bug is.
What is the release process to update dependencies to fix security issues in build dependencies ? eg 52 similar to below from a simple npm audit when installed via npm install @xmpp/client
Logs
from npm audit -
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Command Injection │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.21 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-node-xmpp │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ node-red-node-xmpp > @xmpp/client > @babel/core > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1673 │
└───────────────┴──────────────────────────────────────────────────────────────┘
Environment
Mac OS Nodejs 14.17.2
or Raspbian 12.22.2
⚠ If you need help with XMPP itself, please visit https://xmpp.org/community/ instead.
Describe the bug A clear and concise description of what the bug is.
What is the release process to update dependencies to fix security issues in build dependencies ? eg 52 similar to below from a simple
npm audit
when installed vianpm install @xmpp/client
Logs from npm audit -
Environment Mac OS Nodejs 14.17.2 or Raspbian 12.22.2