security violation - please update underscore package

[eran10]

any change to update underscore package to 1.12.1 ? @BrunoBernardino
https://app.snyk.io/test/npm/visualcaptcha/0.1.3

[BrunoBernardino]

@eran10 the _.template function isn't used, so that specific vulnerability doesn't apply here. That being said, I would not recommend you use this package anymore, at least not from this repo (maybe there's a more up-to-date fork?) since it hasn't been updated for many years, and it seems the new maintainer isn't planning to update it.

[eran10]

thanks @BrunoBernardino , i like the idea of visualCaptcha, can you recommend any alternative package with a similar idea as this?

[BrunoBernardino]

Perhaps https://www.hcaptcha.com/ or https://www.mtcaptcha.com/ though I have found no need to use captchas by default anymore, and if you detect a need for throttling, just start showing a simple question (rotated from a list of at least 10), like "what is five plus three?" or "what is the color of the sky?".