I see that some of the libs got updated a few weeks ago, but there was no release and there are still some PRs with dependency updates. I'll see if I can solve some of them?

This is concerning, is there a plan to keep on top of security vulnerabilities in consumed packages? As @Florian-Schoenherr points out, the security issue relating to trim-newlines was fixed nearly three months ago now and no release has been made.

It's been almost 3 months and there's still 15 vulnerabilities, I wanted to develop a few VS Code extensions (VS Code uses yo to create a new extension project), but I'm a little concerned after seeing 15 vulnerabilities and a few deprecated warnings

I have same issue