<div dir="ltr"><div dir="ltr"><div>Good morning John,</div><div></div><div><br></div><div>You may want to consider using Dependabot to keep dependencies up to date (it sends a pull request when there is a new version of a package available):<br><a href="https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/">https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/</a><br><a href="https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates">https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates</a><br><br>Also Devcontainers/Docker to sandbox the environment where dependencies run:<br><a href="https://code.visualstudio.com/docs/remote/create-dev-container">https://code.visualstudio.com/docs/remote/create-dev-container</a><br><a href="https://www.docker.com/products/docker-desktop">https://www.docker.com/products/docker-desktop</a><br></div><div><br></div><div><br></div><div>See you,</div><div>Cecile<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Jul 24, 2021 at 2:23 AM John Carlson <<a href="mailto:yottzumm@gmail.com">yottzumm@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">X3DJSONLD upgraded dependency npm-java to version 0.12.2, got rid of <br>
vulnerabilities<br>
<br>
$ npm install<br>
<br>
up to date, audited 109 packages in 738ms<br>
<br>
4 packages are looking for funding<br>
   run `npm fund` for details<br>
<br>
found 0 vulnerabilities<br>
<br>
up to date, audited 109 packages in 58s<br>
<br>
4 packages are looking for funding<br>
   run `npm fund` for details<br>
<br>
found 0 vulnerabilities<br>
<br>
=====================================<br>
<br>
You may wish to help various projects seeking funding that X3DJSONLD uses:<br>
<br>
coderextreme@coderextreme-Kubuntu20:~/X3DJSONLD$ npm fund<br>
X3DJSONLD@9.0.0<br>
├── <a href="https://github.com/sponsors/epoberezkin" rel="noreferrer" target="_blank">https://github.com/sponsors/epoberezkin</a><br>
│   └── ajv@6.12.6<br>
├── <a href="https://github.com/sponsors/isaacs" rel="noreferrer" target="_blank">https://github.com/sponsors/isaacs</a><br>
│   └── glob@7.1.6<br>
└── <a href="https://github.com/sponsors/RubenVerborgh" rel="noreferrer" target="_blank">https://github.com/sponsors/RubenVerborgh</a><br>
     └── follow-redirects@1.14.1<br>
<br>
<br>
_______________________________________________<br>
x3d-public mailing list<br>
<a href="mailto:x3d-public@web3d.org" target="_blank">x3d-public@web3d.org</a><br>
<a href="http://web3d.org/mailman/listinfo/x3d-public_web3d.org" rel="noreferrer" target="_blank">http://web3d.org/mailman/listinfo/x3d-public_web3d.org</a><br>
</blockquote></div></div>