fix(securite): fix vulnerabilities #6211
Abdel-Monaam-Aouini
commented
Dec 6, 2024
That's some major change with
There are already individual PRs that do this, I'm writing this from my phone, so I can't search for them easily.
I thought we had decided to move these examples out of the main repo? I can't find the issue right now, but I think @UlisesGascon opened it? If so, I don't think we should go about updating them here.
@wesleytodd this is the issue #5309
Ah thanks for finding that. Yeah I think we need to re-visit that soon here. Either way, I am not sure doing this large update of versions for the dev deps is a good idea either, it opens the door for a bunch of other problems (mainly that we need to vet them all and don't have time for that) and I would rather see us removing things than spending time updating them when the impact is small or non-existent (like in this case).
I didn't have the time to work on that initiative for a long time, also the approach was more valid before we released express v5. So I am +1 to update them as they are now while thinking as a team if we want to keep alive the other initiative or not for 2025.
For reference: https://socket.dev/npm/package/connect-redis/alerts/8.0.1 This is funny, @UlisesGascon you are the new maintainer on the dep in question. And the other high issue is safe-buffer which we are working to remove anyway. I think we are good on this. I guess if others are good with this then I am as well.
And marked looks good as well AFAICT: https://socket.dev/npm/package/marked