Upgrade dependencies #115

Open
ezavgorodniy wants to merge 18 commits into thomvaill:develop from ezavgorodniy:upgrade

@ezavgorodniy
Contributor

Upgrade dependencies based on advice from "yarn upgrade-interactive"

@Yakuza-UA

@thomvaill can this one be reviewed and merged ASAP please? The dependencies are now heavily behind for this project with few vulnerabilities identified. Our security tools no longer let us install Log4Brains on our machines:

npm warn deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated @material-ui/styles@4.11.5: Material UI v4 doesn't receive active development since September 2021. See the guide https://mui.com/material-ui/migration/migration-v4/ to upgrade to v5.
npm warn deprecated @material-ui/lab@4.0.0-alpha.61: Material UI v4 doesn't receive active development since September 2021. See the guide https://mui.com/material-ui/migration/migration-v4/ to upgrade to v5.
npm warn deprecated @material-ui/core@4.12.4: Material UI v4 doesn't receive active development since September 2021. See the guide https://mui.com/material-ui/migration/migration-v4/ to upgrade to v5.

Zscaler sandboxes registry.npmjs.org/bufferutil/-/bufferutil-4.0.8.tgz deeming it unsafe to use.

I do understand that adding new features kind of requires a lot of time, but those aren't critical for the tool to be utilized. On the other hand, dependencies manage vulnerabilities and must be looked after in a timely fashion :)

Appreciate your time - we really want to use your tool, but lack of any attention to it for the last couple years kind of kills it.

This PR is nearly 6 months old, meaning even if you merge it now it's already outdated, but defo better than using 2 yo packages.

KR
