Just noticed few vulnerabilities flagged by npm audit.
It may make sense to update less, debug (socket.io-adapter-mongo), and string.
Not sure however if updating these libraries break other code.
Thanks @JJSagan -- unfortunately for Bootstrap we need to have them backport the fix to BS3, since we do not support Bootstrap 4 at the moment.
The other package are a little easier, and should be able to be updated with little fuss. We currently use Renovate to handle our dependency management.
Thank you @julian , that's awesome!