dxatscale/sfpowerscripts

sfpowerscripts has a number of deprecated dependencies

pogilvieCB opened this issue · 3 comments

Describe the bug
We're concerned about the deprecated dependencies with critical security issues.

To Reproduce
npm install -g @dxatscale/sfpowerscripts
npm WARN deprecated vm2@3.9.19: The library contains critical security issues and should not be used for production! The maintenance of the project has been discontinued. Consider migrating your code to isolated-vm.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see request/request#3142
npm WARN deprecated request@2.88.2: request has been deprecated, see request/request#3142
npm WARN deprecated @oclif/screen@1.0.4: Deprecated in favor of @oclif/core
npm WARN deprecated cli-ux@5.5.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm WARN deprecated puppeteer@19.2.0: < 19.4.0 is no longer supported
npm WARN deprecated @salesforce/command@5.2.43: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

Expected behavior
no critical warnings on install

Platform Details (please complete the following information):

  • OS: macOS
  • Version [e.g. CLI Version eg: 1.6.6] 22.6.1
  • Salesforce CLI(sfdx cli) Version:
  • CI Platform: GH Actions.

@pogilvieCB Most of these are dependencies of salesforce libs and will be updated as part of this work item #1338

It's scheduled for this release, but very time-consuming, as a lot of APIs are no longer compatible.

That being said, the risk profile is too low, as sfpowerscripts is not used as a web service with no inbound connection.

@azlam-abdulsalam good news on the upcoming update. Thank you!

This has now been resolved in main and is undergoing testing.