Vulnerabilities in esm-seedrandom

[roirein]

Hi,

For this package you use the library esm-seedrandom@3.0.5. the library depends on some packages that has vulnerabilities, you can refer the following link: shanewholloway/js-esm-seedrandom#7

can you please follow this issue and update accordingly? or in case those issues won't be handled use another library instead?

[Marko19907]

Hi,
Thanks for bringing this up!

The library esm-seedrandom is mainly a utility packed with lots of math functions. It does depend on the packages you mentioned there but these dependencies are strictly for testing and development purposes. They’re not included in the actual build or runtime of either esm-seedrandom or my library, so there’s no risk of these vulnerabilities affecting production usage.

That said, if the maintainer of esm-seedrandom releases a new version, I’ll make sure to release a new version of my library with the fix. I’ve been meaning to revisit this project for a while, so I appreciate the nudge!

Thanks again for keeping an eye on these details. Let me know if you have any other concerns, cheers!

[roirein]

Thank you very much!