A Mongoose plugin that lets you transparently cipher stored PII and use securely-hashed passwords
This finally addresses all the pending dependency updates and matching vulnerabilities.
Major is due to several dep majors being upgraded, even if only for dev.
CVE-2018-16469 alerted us to a vuln in merge
pre-1.2.1, which was required transitively in dev through the Jest packages. We upgraded using good ol' npm audit fix
so contributors have nothing to fear!
The Contributing guide was updated to reflect this new tooling and infrastructure.
package-lock
refusal due to npm ci
runs…?)
null
values on PII fields do not break anything anymore