Update vulnerable dependencies

[rthomazel]

No description provided.

[mvayngrib]

why levelup 4.1.0? Is it known to work with level-filesystem 1.2.0?

[rthomazel]

Working fine for me so far. I just bumped to the latest.

[mvayngrib]

it would be good to run their test suite to make sure. Their devDependencies show levelup@^0.18.2, see: https://github.com/mafintosh/level-filesystem/blob/master/package.json#L21

[lcsvcn]

Any update on this? 2 high and 1 moderate security issue

[rthomazel]

Will prioritize this. Been working a lot but have time for OSS now :)

…

Sent from my iPhone

On 29 Aug 2019, at 17:29, Lucas V C Nicolau ***@***.***> wrote: Any update on this? 2 high and 1 moderate security issue — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

[lcsvcn]

If you need some help let me know @Thomazella

[rthomazel]

Oops, forgot about this. I'll add to my personal todo and address shortly

…

Sent from my iPhone

On 11 Sep 2019, at 15:32, Lucas V C Nicolau ***@***.***> wrote: If you need some help let me know @Thomazella — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[ripzery]

Hello @Thomazella. Any update on this?

[AliMeer]

Hi @Thomazella,

There are a now 2 github dependabot security alerts which are directly related to levelup . One for bl and the other for semver.

It will be great to have this PR tested and merged to address both the security alerts.

[0xSmiley]

Any update on this?