How should I remove all the security vulnerabilities when starting a new project using “au new”. Some of these seem quite severe:
dem@MacBook temp % npm i -g aurelia-cli
npm WARN deprecated source-map-url@0.4.1: (removed URL)
npm WARN deprecated urix@0.1.0: Please see (removed URL)
npm WARN deprecated resolve-url@0.2.1: (removed URL)
npm WARN deprecated source-map-resolve@0.5.3: See (removed URL)
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
NNote: I had to remove the URL’s from the warnings above to post this message
If it matters, I’m using Node 16 LTS and am trying to create a default Typescript app.
Sorry, I’m pretty much a complete beginner with this stuff.
Thank you very much for your response. Definitely a bit disappointing to need to wait for a Gulp update. The Gulp forum makes it seem like v5 should be coming “soon”, but that is a very impressively broad library…
I need to assume that external vulnerability scanning tools will notice these outdated libraries, which would cause us problems with government clients.
There does not seem to be a path forward for v1 at this time.
