Deprecations and vulnerabilities (devDependencies)

[MikeMcC399]

Current behavior

Installing dependencies with npm ci logs deprecations and vulnerabilities. These are from devDependencies only and do not affect the published npm package @cypress/commit-info.

Desired behavior

Installing dependencies in the repo should show no deprecations and no vulnerabilities.

Test code to reproduce

Ubuntu 24.04.3 LTS, Node.js 22.19.0 LTS

git clone https://github.com/cypress-io/commit-info
cd commit-info
git clean -xfd # if repeating
npm ci

Logs

$ npm ci
npm warn deprecated acorn-dynamic-import@4.0.0: This is probably built in to whatever tool you're using. If you still need it... idk
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated folktale@2.3.2: This package is no longer actively maintained. Only security patches will be provided, if needed. Consider switching to fp-ts.

added 597 packages, and audited 806 packages in 15s

135 packages are looking for funding
  run `npm fund` for details

4 vulnerabilities (2 low, 2 high)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

Other

The deprecations and vulnerabilities result from archived / unmaintained npm packages used in devDependencies. To resolve these issues would involve replacing their functionality in repo testing.

In devDependencies	Last Release	Status	Suggested Replacement
dependency-check@4.1.0	Jul 29, 2019	deprecated and archived	knip
snap-shot-it@7.9.10	Dec 10, 2022	unmaintained
stub-spawn-once@2.3.0	Jul 11, 2017	unmaintained

• see also Dependency Dashboard #111

Deprecations

Deprecation	Dependency of
acorn-dynamic-import@4.0.0	dependency-check@4.1.0
glob@7.2.3	dependency-check@4.1.0
debug@4.1.1	snap-shot-it@7.9.10
folktale@2.3.2	snap-shot-it@7.9.10

Vulnerabilities

Vulnerability	Dependency of
debug@4.1.1	snap-shot-it@7.9.10
debug@2.6.8	stub-spawn-once@2.3.0