This repository was archived by the owner on Mar 26, 2021. It is now read-only.
This repository was archived by the owner on Mar 26, 2021. It is now read-only.
Update depenendencies for vulnerability fixes #55
Description
Running npm audit against latest package version reveals several problems which likely need dependency updates in this library.
First and foremost is the fact that this package still relies on jade rather modern pug replacement. There are 5 vulnerabilities related to this package alone.
Second, an update should be made to multimatch to get latest version which would eliminate underlying lodash vulnerabilities as multimatch no longer uses this package as dependency.
This would leave only a single remaining vulnerability exposed by the multimatch library for which I have already opened an issue - sindresorhus/multimatch#26