Update leaflet-omnivore st version to > 1.1.0

[philmikejones]

When deploying a leaflet map through github pages, I am informed about a network vulnerability in the st package when using the leaflet-omnivore plugin.

I think the offending file is: https://github.com/rstudio/leaflet/blob/master/inst/htmlwidgets/lib/leaflet-omnivore/package.json

Please could you update the version of st used? I'm not sure if it's just a case of updating the reference in that file.
Thanks.

[schloerke]

@philmikejones

This is a false positive message.

Leaflet-omnivore does not use the st package except for testing. It is not compiled in the distributed files which the leaflet R package uses. 'st' search results

I'm torn on fixing this as it is a leaflet-omnivore issue. Sure, I can change the offending line, but it will still cause issues down the road when omnivore is updated again.

Forwarding issue to leaflet-omnivore PR: mapbox/leaflet-omnivore#110

Linking to existing PR #575

-Barret

[philmikejones]

Thanks, I thought it would be something like that. Thanks for looking into it

[schloerke]

Closing as it looks like leaflet-omnivore is a ghost town. #575 fixed the issue