rollup-plugin-minify-html-literals icon indicating copy to clipboard operation
rollup-plugin-minify-html-literals copied to clipboard

Published 20 hours ago verified publisher icon asyncLiz

fix: Update outdated and vulnerable packages

Open tonyganchev opened this issue 2 years ago • 2 comments

Changes

  • All dev dependencies raised to latest versions.
  • Added rollup ^4.0.0 as a supported peer dependency.
  • Fixed typing errors in test.
  • Added myself as contributor

Leftovers

# npm audit report

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  coveralls  *
  Depends on vulnerable versions of request
  node_modules/coveralls

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

3 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Testing

Ran the test included in the project.

tonyganchev avatar Nov 14 '23 06:11 tonyganchev

@bennypowers , @deebloo , @asyncLiz any chance of getting this merged so we can update rollup? Or @tonyganchev did you find an alternative to this that is still supported?

NickHeap2 avatar Feb 08 '24 14:02 NickHeap2