Update dependencies, enable security alerts & dependabot #82

@siavashs

Hello,

I'm trying to update the AUR package to the 1.5.1 release, but the build fails as there is a dependency on python2 from node-gyp, which is pulled in by node-sass (dependency hell 🔥).
Bumping the node-sass version to 5.0.0 resolves the python2 dependency, but still there are many modules that need to be updated:

50 vulnerabilities (28 low, 6 moderate, 15 high, 1 critical)

If you enable Dependabot Alerts on the GitHub repository, you will see them as well.

So I recommend that all dependencies of this project be updated. You can also set up Dependabot to open PRs automatically by adding this configuration:

```yaml
# Basic dependabot.yml file with
# minimum configuration for one package manager (npm)

version: 2
updates:
  # Enable version updates for npm
  - package-ecosystem: "npm"
    # Look for `package.json` and `lock` files in the `root` directory
    directory: "/"
    # Check the npm registry for updates every day (weekdays)
    schedule:
      interval: "daily"
```

See GitHub docs for more info.
