angle
Severe Security Issues in Component Dependencies
I just pushed a component made with angle to GitHub and got the following security issues, all from dev-dependencies in the generated component.
data:image/s3,"s3://crabby-images/e68e5/e68e565dd75b1507f8ff7fd9d12c9118d55f7b27" alt="screenshot 2018-12-08 01 31 41"
Many of the dependencies are deprecated.
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: to-iso-string has been deprecated, use @segment/to-iso-string instead.
npm WARN deprecated [email protected]: Jade has been renamed to pug, please install the latest version of pug instead of jade
npm WARN deprecated [email protected]: This package is unmaintained. Use @sinonjs/formatio instead
npm WARN deprecated [email protected]: wrench.js is deprecated! You should check out fs-extra (https://github.com/jprichardson/node-fs-extra) for any operations you were using wrench for. Thanks for all the usage over the years.
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated [email protected]: CircularJSON is in maintenance only, flatted is its successor.
Thanks, those dependencies are only used in the backend or some sub-subpackage, so it's not as severe as GitHub reports.
Deprecations and renames aren't too critical either, if it works it works. If we had to update every time some sub-sub-subpackage screamed, we'd be quite busy xD
PRs accepted though.
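The maintainer's point rests on where the flagged packages sit in the dependency tree. The following is an added example, not code from the angle project, that walks a constructed, simplified lockfileVersion 1 package-lock.json (hoisted "dependencies" map with "requires" edges, as npm 5/6 emit) and reports whether a package such as minimatch is reachable from production dependencies or only from devDependencies; all package names and versions below are constructed sample data.

```javascript
// Constructed package.json excerpt: one runtime dependency, two dev dependencies.
const pkg = {
  dependencies: { express: "^4.16.0" },
  devDependencies: { mocha: "^3.0.0", wrench: "^1.5.0" },
};

// Constructed package-lock.json excerpt (lockfileVersion 1): flat, hoisted map
// where each entry lists what it "requires". minimatch < 3.0.2 is the version
// the npm deprecation warning above complains about.
const lock = {
  dependencies: {
    express: { version: "4.16.4", requires: { "path-to-regexp": "0.1.7" } },
    "path-to-regexp": { version: "0.1.7" },
    mocha: { version: "3.5.3", requires: { glob: "7.1.1", jade: "0.26.3" } },
    glob: { version: "7.1.1", requires: { minimatch: "2.0.10" } },
    minimatch: { version: "2.0.10" },
    jade: { version: "0.26.3" },
    wrench: { version: "1.5.9" },
  },
};

// Return every dependency chain (as a list of names) that starts at one of
// `roots` and reaches `target`, following "requires" edges in the lock.
function pathsTo(lock, roots, target) {
  const found = [];
  const walk = (name, path) => {
    // Stop on cycles and on names the lock does not know about.
    if (path.includes(name) || !lock.dependencies[name]) return;
    const next = path.concat(name);
    if (name === target) { found.push(next); return; }
    const requires = lock.dependencies[name].requires || {};
    for (const dep of Object.keys(requires)) walk(dep, next);
  };
  roots.forEach((root) => walk(root, []));
  return found;
}

// "prod" if any chain begins at a runtime dependency (ships to users),
// "dev" if only devDependencies reach it, "absent" if nothing in the tree does.
function classify(pkg, lock, target) {
  const prod = pathsTo(lock, Object.keys(pkg.dependencies || {}), target);
  const dev = pathsTo(lock, Object.keys(pkg.devDependencies || {}), target);
  const scope = prod.length ? "prod" : dev.length ? "dev" : "absent";
  return { scope, chains: prod.concat(dev).map((c) => c.join(" > ")) };
}

console.log(classify(pkg, lock, "minimatch"));
// → { scope: 'dev', chains: [ 'mocha > glob > minimatch' ] }
```

A "dev" result means the flagged code never reaches a consumer of the published component, which is the distinction GitHub's alert does not make; a "prod" result is the case worth fixing promptly.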