[SECURITY] Can we update the dependencies for this, please?

rob4629 commented 4 years ago

I've been able to upgrade a handful of dependencies for this package, without breaking existing functionality:

"babel-eslint": "^10.1.0"
"normalize-newline": "^3.0.0"
"publish-please": "^5.5.1"

But these ones can only be partially upgraded due to breaking changes:

"callsite-record": "^3.2.2"
"del": "^1.2.1"
"gulp-eslint": "^6.0.0"
"gulp-mocha": "^3.0.1"

However, that still leaves 22 vulnerabilities:

found 22 vulnerabilities (7 low, 2 moderate, 12 high, 1 critical) in 6205 scanned packages
  21 vulnerabilities require semver-major dependency updates.
  1 vulnerability requires manual review. See the full report for details.

Also, there's a hard dependency of testcafe@0.9.0...

rob4629 commented 4 years ago

I don't mind spending a little more time trying to upgrade these dependencies myself... I just don't have time this week and wanted to raise the ticket.

alexmi256 commented 4 years ago

This would be nice, It would not surprise me if the original plugin also suffered from this.

alexschwantes / testcafe-reporter-junit

[SECURITY] Can we update the dependencies for this, please? #3