Updating fixed NPM dependency versions

[zachsa]

Description

Doing an npm install shows that many library versions labeled as deprecated are used. including the openlayers package, which has been deprecated in favor of a different package (ol).

Is there a plan to update to non-deprecated libraries? I see that a similar thing was raised last year (Issue #3217), but that the decision was NOT to update to newer versions of dependencies due to this effort involved.

Whilst this is understandable, is it not likely that MapStore will soon be using versions of libraries that are behind the current documented versions of libraries? I'm still trying to figure out MapStore - or more particularly, assess whether it's a good fit for a project. And this seems like a deal breaker... My understanding is that if I choose to use openlayers with MapStore then I will almost certainly need to work with the openlayers code directly (but I'm not sure on this yet), and that using a deprecated version of openlayers will be quite frustrating.

[mbarto]

Specifically about OpenLayers: we already tested OpenLayers 5 (latest) for a customer, and the changes to MapStore code to make it work were trivial, so I am optimistic that we will update our dependency to openlayers 5 soon.

[zachsa]

As I mentioned on issue #3217 thread (which is closed), the list of deprecated dependencies is here:

npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated @turf/[email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated @turf/[email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]
npm WARN deprecated [email protected]

And pushing a project generated via the createProject.js script I get a lit of security vulnerabilities on my GitHub page: