devDependencies review #164
Description
Situation
| devDependencies | Version | Status |
|---|---|---|
| ban-sensitive-files | 1.10.0 | critical vulnerabilities |
| chdir-promise | 0.6.2 | last released in 2017 |
| dependency-check | 4.1.0 | deprecated in favor of knip |
| deps-ok | 1.4.1 | critical vulnerabilities |
| dont-crack | 1.2.1 | critical vulnerabilities |
| git-issues | 1.3.1 | depends on unsupported request |
| github-post-release | 1.13.1 | last released in 2017 - depends on simple-commit-message |
| license-checker | 25.0.1 | unmaintained with deprecated dependencies |
| mocha | 6.2.1 | old version |
| mocked-env | 1.3.1 | unmaintained repo |
| pre-git | 3.17.1 | last released in 2018 - depends on simple-commit-message |
| prettier-standard | 8.0.1 | critical vulnerabilities |
| semantic-release | 17.2.3 | old version |
| simple-commit-message | 4.1.3 | critical vulnerabilities |
| snap-shot-it | 7.9.3 | unfixable vulnerabilities |
| standard | 13.1.0 | uses deprecated versions |
| stub-spawn-once | 2.3.0 | unfixable high severity vulnerabilities |
Recommendation
- Remove devDependencies for npm modules that are outdated and have critical vulnerabilities
- Update
mochaand any other essentialdevDependencies