Security vulnerability in dependency 'mustache' #2

@anbenson

Currently, GitHub warns:
"We found a potential security vulnerability in one of your dependencies.
The mustache dependency defined in package-lock.json has a known moderate severity security vulnerability in version range < 2.2.1 and should be updated."

mustache is in the dependency graph for markdown-to-slides, which hasn't had an update in a year (and hasn't addressed any of its issues or PRs since). So the solution to this must either be to find an alternative to markdown-to-slides, or to somehow force npm to install an upgraded version of mustache. I think the latter is possible using npm shrinkwrap (https://nodejs.org/en/blog/npm/managing-node-js-dependencies-with-shrinkwrap/) to avoid a lot of work for a vulnerability that probably can't be exploited in learn-git.

Would you be amenable to a PR that adds a npm-shrinkwrap.json file?
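
A check that fits the warning quoted above, as an added example that is not part of the original issue or the project's code: it walks a parsed package-lock.json (or npm-shrinkwrap.json) and lists every locked copy of mustache below 2.2.1, so the same check can be rerun after pinning. The sample lockfile, its version numbers, and the function names are constructed for illustration.

```javascript
// Constructed sample in lockfileVersion 1 layout; every version number is made up.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'markdown-to-slides': { version: '1.0.5', dependencies: { mustache: { version: '2.1.3' } } },
    mustache: { version: '2.3.0' }
  }
};

// Parse the leading "x.y.z" of a version; git/URL specs return null.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// True only when both versions parse and `version` is strictly older than `fixedIn`.
function isBelow(version, fixedIn) {
  const a = parse(version), b = parse(fixedIn);
  if (!a || !b) return false;
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Returns [{ path, version }] for each locked copy of `name` older than `fixedIn`.
// `path` is the install location, e.g. "markdown-to-slides > mustache".
function findVulnerable(lock, name, fixedIn) {
  const hits = [];
  const check = (path, version) => {
    if (isBelow(String(version), fixedIn)) hits.push({ path, version });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by "node_modules/a/node_modules/b".
    for (const [key, meta] of Object.entries(lock.packages)) {
      const parts = key.split('node_modules/').slice(1).map(p => p.replace(/\/$/, ''));
      if (parts[parts.length - 1] === name) check(parts.join(' > '), meta.version);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" objects mirror node_modules nesting.
    const walk = (deps, trail) => {
      for (const [dep, meta] of Object.entries(deps || {})) {
        const path = trail.concat(dep);
        if (dep === name) check(path.join(' > '), meta.version);
        walk(meta.dependencies, path);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}
console.log(findVulnerable(sampleLock, 'mustache', '2.2.1'));
```

On a real checkout, pass the parsed contents of package-lock.json or npm-shrinkwrap.json as `lock`; an empty result means no locked copy is in the affected range.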
