clarkie / dynogels

DynamoDB data mapper for node.js. Originally forked from https://github.com/ryanfitz/vogels

aws-sdk version could use updating (Security)

iDVB opened this issue · comments

Apparently aws-sdk <2.178.0 has a potential vulnerability that is now fixed in >=2.178.0.

https://snyk.io/test/npm/dynogels/8.0.1?severity=high&severity=medium&severity=low

Isn't this module only actually used when bundled for a browser? Dynogels is not designed to run in a browser -- you're typically not performing database operations from the frontend.

@cdhowie you're likely correct. However, that dep currently and validly fires off red flags for Snyk.io, and the version of aws-sdk that dynogels currently uses could simply be updated to even just v2.178.0 (not latest) and would still correct the issue.

Shouldn't aws-sdk be a peer dependency anyway? Or, since the version differences are only minor, aren't the chances high that this would be a non-breaking change to dynogels?

Closing this as a duplicate of #148, which has a subtask of updating dependencies to satisfy bitHound (which checks for vulnerabilities).