dependabot / feedback

The old feedback repository for Dependabot. Click below for the new repository.

Home Page: https://github.com/dependabot/dependabot-core

Recurrent vulnerability notification for a dependency in a non-existent yarn.lock

jeremija opened this issue · comments

I keep getting a vulnerability notification for a dependency in a non-existent yarn.lock file in jeremija/peer-calls. This file did exist at some point, but we've switched to package-lock.json since.

As expected, when I click on the link the file is not found: https://github.com/jeremija/peer-calls/blob/master/yarn.lock

Hi @jeremija, I had a look into this, and it seems we had a delay in detecting the removal of that yarn.lock file which is why you got an alert on it.

I've verified that everything looks correct now and you shouldn't get any more spurious alerts on this file, sorry for the hassle.

Thanks for fixing it!