Fix: found 13 vulnerabilities (3 moderate, 5 high, 5 critical) #19
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
I'm evaluating whether to use redux or a lighter weight alternative for a greenfield company project, and after reading well over a dozen articles and researching for quite some time, I found outstated which I find appealing since it's understandable and has a nice API for a team versus rolling my own thing atop of Context/Hooks. So, I'm sort of evaluating this atm and may submit more PRs or not ;-) I think the more current and updated it is, the easier a time I will have in selling my team on not using Redux.
Issue (I'll log in issues and cross link)
I git cloned and ran
npm install
to find some security warnings which seemed easy to fix:Fix & Verification
I just ran
npm audit fix
, but then ran all the npm scripts less clean to verify so you wouldn't have to:npm run example
npm run prepublish
npm run test
(all passing; looks like there's some handlebars related warnings?):UPDATE: It's a known issue not related to Outstated or my PR
npm run build
It looks like there's a less egregious warning for:
I could submit a patch for that if you'd like but I don't think it should be mixed with this PR which just fixes audit errors. Also, maybe it's ignorable since running
npm update
will mean a huge increase to the lock file.Also a warning I'm pretty sure I didn't cause with this:
I'd also be happy to submit a PR for that as well just lmk if interesting :)