moscajs / mosca

MQTT broker as a module
mosca.io

3 vulnerabilities required manual review and could not be updated #773

Open developeryashraj opened 5 years ago

developeryashraj commented 5 years ago

I think there are packages that are too old, not being used, or maybe not needed. I think the packages need to be revised by either upgrading to the latest versions or removing them. (Or maybe this is my assumption and something else needs to be changed!!)

I receive the vulnerability errors below while doing npm install. Using "mosca": "^2.8.3".

Please see the screenshot for details.

[screenshot: mosca issue]

Below is the dependency JSON which I have prepared with the latest versions of the packages, but I couldn't submit a PR as I don't know the details and usage of these dependencies.

```json
"dependencies": {
    "amqp": "~0.2.7",
    "array-from": "^2.1.1",
    "ascoltatori": "^4.3.0",
    "brfs": "~2.0.1",
    "clone": "^2.1.2",
    "commander": "~2.19.0",
    "deepcopy": "^1.0.0",
    "escape-string-regexp": "^1.0.5",
    "extend": "^3.0.2",
    "ioredis": "^4.2.0",
    "json-buffer": "~3.0.1",
    "jsonschema": "^1.2.4",
    "level-sublevel": "^6.6.5",
    "leveldown": "~4.0.1",
    "levelup": "^3.1.1",
    "lru-cache": "~4.1.13",
    "memdown": "~3.0.0",
    "minimatch": "~3.0.4",
    "mongodb": "~3.1.9",
    "moving-average": "1.0.0",
    "mqtt": "^2.18.8",
    "mqtt-connection": "^4.0.0",
    "msgpack5": "^4.2.1",
    "nanoid": "^2.0.0",
    "pbkdf2-password": "^1.2.1",
    "pino": "^5.8.1",
    "qlobber": "~3.0.2",
    "retimer": "^1.1.0",
    "st": "^1.2.2",
    "steed": "^1.1.3",
    "uuid": "^3.3.2",
    "websocket-stream": "~5.1.2"
}
```

ballwood commented 5 years ago

Having the same issue here, do we know when this could get fixed?

mkj28 commented 5 years ago

cross-linking with https://github.com/mcollina/mosca/issues/750