semantic-release / npm

:ship: semantic-release plugin to publish a npm package
MIT License

Warnings of dependency npm #333

Open KaiSchwarz-cnic opened 3 years ago

KaiSchwarz-cnic commented 3 years ago

Probably you're aware of it, just wanted to bring it up.

npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
└─┬ semantic-release@17.3.7
  └─┬ @semantic-release/npm@7.0.10
    └─┬ npm@6.14.11
      ├─┬ node-gyp@5.1.0
      │ └── request@2.88.0  deduped
      └── request@2.88.0 

└─┬ semantic-release@17.3.7
  └─┬ @semantic-release/npm@7.0.10
    └─┬ npm@6.14.11
      └─┬ request@2.88.0
        └── har-validator@5.1.5 

No idea about the exact use of npm as a dependency; I could imagine this to be a relic of the npm security issue that GitHub bumped up quite a while ago. Maybe moving it into the engines section in package.json does it already.

Just my 2 cents / HTH.

gr2m commented 3 years ago

This will be resolved with the upgrade to npm v7, we have an open PR here: https://github.com/semantic-release/npm/pull/304

I can't find the time to look into the failing CI. Maybe you can help out?

KaiSchwarz-cnic commented 3 years ago

Hi @gr2m,

Being busy applies to so many people - I am including myself in here too. Just check my commit stats. If I get a spot, I'll try to support you. But don't expect something in short.

I also want to forward my biggest thanks for the work on this module. semantic-release and related plugins are so great. We use it in all our public repositories, also for the non-nodejs related ones!

Best, Kai

danez commented 3 years ago

This should now be solved with 7.1.0