Upgrade to analytics-node >=5.0

redhat-developer / vscode-redhat-telemetry

21 stars 25 forks source link

Upgrade to analytics-node >=5.0 #16

Closed apupier closed 1 year ago

apupier commented 1 year ago

currently:

@redhat-developer/vscode-redhat-telemetry@0.4.2
│ ├─┬ analytics-node@3.5.0
│ │ └── uuid@3.4.0 deduped

But npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.

analytics-node 5.0 has upgraded to 8.3.2 so more recent than 7.x version.

apupier commented 1 year ago

using a recent version of analytics mode will also fix:

follow-redirects  <1.14.8
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
fix available via `npm audit fix`
node_modules/follow-redirects