As of today, the current version of ftp-srv relies on a vulnerable version of the ip package. It should be bumped. There are also 4 deprecated dependencies.
npm audit fix output:

```
ip *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix --force`
Will install ftp-srv@2.16.2, which is a breaking change
node_modules/ip
ftp-srv 0.0.0-development || >=2.17.0
Depends on vulnerable versions of ip
node_modules/ftp-srv
2 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
```
Deprecated dependencies:

```
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated rimraf@2.4.5: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated glob@6.0.4: Glob versions prior to v9 are no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
```