FormidableLabs/react-swipeable

react-swipeable: remediate critical and high security warnings

Burnett2k opened this issue · 4 comments

Before fixing vulnerabilities, we may need to discuss moving this to newer versions of NodeJs.

@carbonrobot Are we planning to continue to support this project?

👋 heyo! I'm still here and I keep a very prudent eye on issues. It does not have vulnerabilities since the packages that "have vulnerabilities" are only build packages not bundled packages.

What sort of re-vamping and TLC do you think it is in need of?

I'm also willing to take this project back under my own ownership if that is something formidable/nearform would be willing to do.

@hartzis Hey friend! Thanks for checking in. This was just part of an OSS audit we did on all packages in the organization, nothing specific to this package in general. I don't see anything here that affects the output runtime, and looking at the built dist from the package there is no shipped dependency with an issue.

The only thing I would worry much about here is the Node deprecation. Github actions (and other providers) will soon stop running anything <18.

All critical and high security vulnerabilities have been reviewed by me, flagged appropriately, and we can now close this issue. No changes to the runtime code are needed.