Security Issues

[halilcakar]

So i've just cloned this repo and install dependencies and saw that there are bunch of security issues reported by npm.

even when i try to run npm audit fix is also not fixing those

It gives me this.

Can we do something to update phaser version along with others?

[the-simian]

Sure, I can take a look, but I can already tell you a lot of these are likely just in dev-dependencies, and won't affect the security of the deployed game

[halilcakar]

Yes @the-simian it's probably coming from devDependencies but still would be nice to update those 😄

Also phaser version 3.23.0 is out as far as i know would be nice to update those too.

I'm also wondering if i would remove all referances from lodash do you think we can strip that out?

[the-simian]

Also phaser version 3.23.0 is out as far as i know would be nice to update those too.

• yeah I'll get that updated

I'm also wondering if i would remove all referances from lodash do you think we can strip that out?

• I'd rather leave it because lodash is mostly used in preprocessing scripts (level processor, lightray processor and so on) and in the places it is used in the actual game I import the function directly, so its not a big deal. If you want to pull it out in your own game of course go for it

Honestly, I just need to set some time aside and do some dependency updating when I can. I've been watching Phaser 4 and was considering even jumping over to that, not sure yet.

[halilcakar]

Aight then, Phaser 4 is going like WOW, would be nice to have phaser 3 and after some time phaser 4 versiyon too =)

About lodash sure. I think we can just close this and open when it's necessary? I'll leave it to you. And really thanks for your quick responses

[the-simian]

Yeah man Phaser 4 looks really nice, I've been watching it with great enthusiasm for sure. I'm also warming up to removing lodash as well the more I think about it, as well tbh.