Update transitive dependencies

Hannes Heine requested to merge pr1348head into pr1348base

Created by: Tirokk

Authored by roschaefer · Merged


I see a security vulnerability warning on GitHub. I hope that updating transitive dependencies will silence the security warning.

I did rm yarn.lock followed by yarn install.

EDIT: OK, I found out what's causing the security warning. Running

yarn list lodash
├─ bitcore-lib@0.13.19
│  └─ lodash@3.10.1
└─ lodash@4.17.15

gives us the hint that the outdated lodash comes from bitcore-lib, which in turn is required by the extremely outdated activitystrea.ms package. I tried to update its dependencies in my fork without success. If we ever touch the ActivityPub implementation we might have to maintain this package ourselves.

FYI: @Mastercuber
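
The lookup described above can be scripted. The following is an added example, not part of the merge request or the project's code: it parses the tree printed by `yarn list <name>` (Yarn v1 layout, as shown above) and reports every copy of a package that is older than the newest copy in the tree, together with the parent chain that pulls it in. The function names are hypothetical, and the version comparison ignores pre-release tags.

```javascript
// Added example: find older copies of a package in `yarn list <name>` output (Yarn v1 tree).

// Output copied from the merge request description above.
const SAMPLE = [
  '├─ bitcore-lib@0.13.19',
  '│  └─ lodash@3.10.1',
  '└─ lodash@4.17.15',
].join('\n');

// Split "name@version", keeping scoped names like "@scope/pkg@1.0.0" intact.
function splitSpec(spec) {
  const at = spec.lastIndexOf('@');
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Compare dotted numeric versions; pre-release tags are ignored (simplification).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Turn the tree into entries carrying the chain of parents above each node.
function parseYarnList(text) {
  const stack = [];
  const entries = [];
  for (const line of text.split('\n')) {
    const m = /^([│├└─ ]+)(\S+@\S+)$/.exec(line.trimEnd());
    if (!m) continue; // banner lines such as "yarn list v1.x" or "Done in ..."
    const depth = m[1].length / 3 - 1; // each tree level is three characters wide
    stack.length = depth; // drop parents that are deeper than this node
    entries.push({ ...splitSpec(m[2]), via: [...stack] });
    stack.push(m[2]);
  }
  return entries;
}

// Copies of `name` older than the newest copy in the tree, with their parent chain.
function staleCopies(text, name) {
  const copies = parseYarnList(text).filter((e) => e.name === name);
  const newest = copies.map((e) => e.version).sort(compareVersions).pop();
  return copies.filter((e) => compareVersions(e.version, newest) < 0);
}

console.log(staleCopies(SAMPLE, 'lodash'));
```
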