fix deprecated dependencies
joeyguerra opened this issue · comments
Hubot is old. There are some dependencies that are deprecated, no longer maintained. The following is the output from NPM with Node.js v18.3.0. The current Node.js LTS version is v18.16.0.
I'm guessing that in order to resolve these issues, we might have to get rid of some of the dev dependencies. For instance, I just noticed that `coveralls` depends on a version of `request` that is out of date and has a security issue.
```
➜ hubot git:(master) ✗ npm i
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated formatio@1.1.1: This package is unmaintained. Use @sinonjs/formatio instead
npm WARN deprecated samsam@1.1.2: This package has been deprecated in favour of @sinonjs/samsam
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
added 866 packages, and audited 1103 packages in 5s
175 packages are looking for funding
run `npm fund` for details
2 moderate severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
```
I renamed this "fix deprecated dependencies", which I think reflects the work. "Modernize the code base" can mean a lot more.
coveralls is a code coverage tool, with a service backing it. If it's not useful, then we can drop it if it's not providing value AND has deprecations.
I don't yet have a scenario where I would get value from coveralls. I could see using it if we were strictly using TDD as our designing process. But I don't want to be dogmatic about TDD. I prefer balancing tradeoffs instead of applying a general rule across the board.
I'll create a PR to remove coveralls.
Dependencies have been updated to their latest versions. We'll work on replacing the log module in a future release.
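To check the observation in the opening post that a dev dependency (`coveralls`) is what pulls in the deprecated `request`, this added example (not part of the thread or of Hubot's code) parses the `npm WARN deprecated` lines and traces each package back to a root dependency through a lockfile. The lockfile is constructed and trimmed, and `parseDeprecations`, `resolve`, `traceToRoot` and `report` are hypothetical helper names.

```javascript
// Two WARN lines and the summary line copied from the npm output in the issue.
const NPM_OUTPUT = `npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
added 866 packages, and audited 1103 packages in 5s`;
// Constructed, trimmed lockfile ("packages" layout of lockfileVersion 2/3).
// Only the coveralls -> request edge comes from the issue; the rest is assumed.
const LOCK = { packages: {
  '': { dependencies: { 'example-runtime-dep': '^1.0.0' }, devDependencies: { coveralls: '0.0.0-placeholder' } },
  'node_modules/example-runtime-dep': { version: '1.0.0' },
  'node_modules/coveralls': { version: '0.0.0-placeholder', dev: true, dependencies: { request: '^2.88.2' } },
  'node_modules/request': { version: '2.88.2', dev: true, dependencies: { 'har-validator': '~5.1.3' } },
  'node_modules/har-validator': { version: '5.1.5', dev: true },
} };

// Parse "npm WARN deprecated name@version: message" lines (scoped names included).
function parseDeprecations(output) {
  const re = /^npm WARN deprecated ((?:@[^/\s]+\/)?[^@\s]+)@([^:\s]+): (.*)$/gm;
  return [...output.matchAll(re)].map(([, name, version, message]) => ({ name, version, message }));
}
// Resolve a dependency as Node does: nearest node_modules first, then walk up.
function resolve(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}
// Breadth-first search from the root manifest: shortest chain that reaches `target`,
// tagged with whether it starts at a production or a dev dependency.
function traceToRoot(lock, target) {
  const root = lock.packages[''] || {}, queue = [], seen = new Set();
  for (const [kind, deps] of [['prod', root.dependencies], ['dev', root.devDependencies]])
    for (const name of Object.keys(deps || {}))
      queue.push({ path: resolve(lock.packages, '', name), chain: [name], kind });
  while (queue.length) {
    const { path, chain, kind } = queue.shift();
    if (!path || seen.has(path)) continue;
    seen.add(path);
    if (chain[chain.length - 1] === target) return { kind, chain };
    for (const dep of Object.keys(lock.packages[path].dependencies || {}))
      queue.push({ path: resolve(lock.packages, path, dep), chain: [...chain, dep], kind });
  }
  return null; // not reachable from the root manifest in this lockfile
}
function report(output, lock) {
  return parseDeprecations(output).map(d => ({ ...d, via: traceToRoot(lock, d.name) }));
}
for (const d of report(NPM_OUTPUT, LOCK))
  console.log(`${d.name}@${d.version} <- ${d.via ? d.via.kind + ': ' + d.via.chain.join(' > ') : 'not traced'}`);
```

Against a real project, pass the parsed contents of `package-lock.json` in place of `LOCK`; a deprecated package whose only chain is tagged `dev` goes away when that dev dependency is removed.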