BTW @paulmillr how about adding dependabot in your repos? It's owned by GitHub. Or at least enable automated security fixes for your repos. The latter does not require the former, but only covers security fixes and not normal updates.
If you add dependabot let me know so that we configure it to run weekly or whatever you prefer.
I assume you understand that ^0.9.8 would install 0.9.9 if available, so no big need in having this updated. rimraf ^ 2 would not install 3, so this makes sense.
BTW @paulmillr how about adding dependabot in your repos? It's owned by GitHub. Or at least enable automated security fixes for your repos. The latter does not require the former, but only covers security fixes and not normal updates.
If you add dependabot let me know so that we configure it to run weekly or whatever you prefer.