commit-info icon indicating copy to clipboard operation
commit-info copied to clipboard
verified publisher icon cypress-io

Deprecations and vulnerabilities (devDependencies)

Open MikeMcC399 opened this issue 5 months ago • 0 comments

Current behavior

Installing dependencies with npm ci logs deprecations and vulnerabilities. These are from devDependencies only and do not affect the published npm package @cypress/commit-info.

Desired behavior

Installing dependencies in the repo should show no deprecations and no vulnerabilities.

Test code to reproduce

Ubuntu 24.04.3 LTS, Node.js 22.19.0 LTS

git clone https://github.com/cypress-io/commit-info
cd commit-info
git clean -xfd # if repeating
npm ci

Logs

$ npm ci
npm warn deprecated [email protected]: This is probably built in to whatever tool you're using. If you still need it... idk
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated [email protected]: This package is no longer actively maintained. Only security patches will be provided, if needed. Consider switching to fp-ts.

added 597 packages, and audited 806 packages in 15s

135 packages are looking for funding
  run `npm fund` for details

4 vulnerabilities (2 low, 2 high)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

Other

The deprecations and vulnerabilities result from archived / unmaintained npm packages used in devDependencies. To resolve these issues would involve replacing their functionality in repo testing.

In devDependencies Last Release Status Suggested Replacement
[email protected] Jul 29, 2019 deprecated and archived knip
[email protected] Dec 10, 2022 unmaintained
[email protected] Jul 11, 2017 unmaintained
  • see also https://github.com/cypress-io/commit-info/issues/111

Deprecations

Deprecation Dependency of
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]

Vulnerabilities

Vulnerability Dependency of
[email protected] [email protected]
[email protected] [email protected]

MikeMcC399 avatar Sep 05 '25 08:09 MikeMcC399