Hello,
I discovered this project via the magic mirror project (https://magicmirror.builders). Snyk.io shows 2 vulnerabilities due to outdated rrule and after integrating dependabot on my fork, github security gave warning about a vulnerability in outdated diff as well. I'd like to recommend integrating dependabot or something similar to ease maintenance for everyone and automatically update dependencies.
Thank you!

Good idea, added, thanks!