Description
We are using sap/hdi-deploy and its transitive dependencies in our project.
In our internal security scan (conducted via Black Duck), we observed that several transitive dependencies currently appear to be outdated.
We are raising this issue to bring this to your attention. Could you please confirm if there are any plans to maintain or update these dependencies going forward?
Outdated Dependency List (from Black Duck scan)
- Async – v3.2.6
- Clone – v2.1.2
- core-util-is – v1.0.2
- extsprintf – v1.4.1
- fill-range – v7.1.1
- is-number – v7.0.0
- micromatch – v4.0.8
- micromatch/braces – v3.0.3
- minimist – v1.2.8
- neo-async – v2.6.2
- node-assert-plus – v1.0.0
- node-cache – v5.1.2
- source-map – v0.6.1
- to-regex-range – v5.0.1
- UglifyJS – v3.19.3
- verror – v1.10.1
- wordwrap – v1.0.0
- debug-js/debug – v4.4.3
- lz4-wasm-nodejs – v0.9.2
- ms.js – v2.1.3
- safer-buffer – v2.1.2
Description
We are using sap/hdi-deploy and its transitive dependencies in our project.
In our internal security scan (conducted via Black Duck), we observed that several transitive dependencies currently appear to be outdated.
We are raising this issue to bring this to your attention. Could you please confirm if there are any plans to maintain or update these dependencies going forward?
Outdated Dependency List (from Black Duck scan)