Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade dependencies #115

Open
wants to merge 18 commits into
base: develop
Choose a base branch
from
Open

Upgrade dependencies #115

wants to merge 18 commits into from

Conversation

ezavgorodniy
Copy link
Contributor

Upgrade dependencies based on advices from "yarn upgrade-interactive"

@Yakuza-UA
Copy link

@thomvaill can this one be reviewed and merged ASAP please? The dependencies are now heavily behind for this project with few vulnerabilities identified. Our security tools no longer let us install Log4Brains on our machines:

npm warn deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated @material-ui/[email protected]: Material UI v4 doesn't receive active development since September 2021. See the guide https://mui.com/material-ui/migration/migration-v4/ to upgrade to v5.
npm warn deprecated @material-ui/[email protected]: Material UI v4 doesn't receive active development since September 2021. See the guide https://mui.com/material-ui/migration/migration-v4/ to upgrade to v5.
npm warn deprecated @material-ui/[email protected]: Material UI v4 doesn't receive active development since September 2021. See the guide https://mui.com/material-ui/migration/migration-v4/ to upgrade to v5.

Zscaler sandboxes registry.npmjs.org/bufferutil/-/bufferutil-4.0.8.tgz deeming it unsafe to use.

I do understand that adding new features kind of requires a lot of time, but those aren't critical for the tool to be utilized. One the other hand, dependencies manage vulnerabilities and must be looked after in a timely fashion :)

Appreciate your time - we really want to use your tool, but lack of any attention to it for the last couple years kind of kills it.

This PR is nearly 6 months old, meaning even if you merge it now it's already outdated, but defo better than using 2 yo packages.

KR

@thomvaill thomvaill mentioned this pull request Oct 30, 2024
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ezavgorodniy @Yakuza-UA