Quick research: https://www.npmjs.com/advisories/612
node-deep-extend popcon = ~1900

apt-cache rdepends node-deep-extend
node-deep-extend
Reverse Depends:
  node-rc

the watch file for node-rc is not picking up new releases because upstream uses the commit message to tag them instead of a real tag...

anyway the new version of deep-extend has been included in rc 1.2.7 released on 2018-04-29:
https://github.com/dominictarr/rc/commit/b63377974f60bc5207c15bc8f465e28d2c7e1945

so the bottom line is, to fix this we should:
- update node-deep-extend to 0.5.1
- update node-rc from 1.1.6 to 1.2.8

P.