Insecure dependency: event-stream 3.3.6 #362
Description
We noticed this repo pulls in event-stream at version 3.3.6 as a dependency. This version has had malicious code injected into it (see dominictarr/event-stream#116 for more information) and we recommend that you either upgrade to 4.0.1 or downgrade to 3.3.4 as soon as possible.
(Dependabot can't generate downgrade PRs for sub-dependencies at the moment, but we wanted to warn you about the issue all the same.)