Security issues

[alexbjorlig]

I'm thinking about including this project in our repo, but notice on install several security warnings from npm:

This makes me wonder if the library is maintained - or maybe needs help maintaining?

[addaleax]

This makes me wonder if the library is maintained

Somewhat maintained? If a human checks that a dependency update makes sense, and doesn’t break anything, there should be nothing standing in the way of doing a new release here.

[alexbjorlig]

Awesome. I will look into upgrading lodash. It's pretty heavily used, but I guess it could be broken up in smaller steps.

Maybe swapping out with some modern js?

What is the oldest version of node that the library should support?

[addaleax]

I’m not sure, at least as far as our team is concerned it’s Node.js 12.4.0. The .travis.yml tells another story, so doing a major version bump might make sense anyway?

[alexbjorlig]

A agree, a major version bump would make sense. At least supporting Node.js 12, maybe even just jump directly to v14?

[alexbjorlig]

@addaleax I started a PR #137 to update lodash, I tought it would be easy 😅

But after replacing deprecated functions with the new ones, I still get a bunch of errors on the unit tests. Do you have a moment to look at it - or maybe just some advice where the issue could be?

[addaleax]

A agree, a major version bump would make sense. At least supporting Node.js 12, maybe even just jump directly to v14?

So, since we’re currently still bound to use Node.js 12, I don’t think our team would accept a bump to Node.js 14 directly :)

[alexbjorlig]

Roger - the PR for that is #136, and seems to work fine, also in CI ✅ Ready to merge 😊