I went ahead and ran npm install and it found quite a few vulnerable packages:
found 450 vulnerabilities (239 low, 206 moderate, 4 high, 1 critical)
Running npm audit fix didn't get them all. I had to run npm audit fix --force to fix them all. It said some dependencies had breaking changes, but everything's working for me so maybe it's looking at the version number changes. Either way, GitHub also has a service where it will automatically pull-request changes to vulnerable packages.
I would love it if this library could be updated with these changes.
I went ahead and ran
npm installand it found quite a few vulnerable packages:Running
npm audit fixdidn't get them all. I had to runnpm audit fix --forceto fix them all. It said some dependencies had breaking changes, but everything's working for me so maybe it's looking at the version number changes. Either way, GitHub also has a service where it will automatically pull-request changes to vulnerable packages.I would love it if this library could be updated with these changes.