Deprecated packages and HIGH NPM vurnabilies

[retroroo]

The current source code has deprecated packages and pakcages with HIGH severity vulnerabilities

Node_modules/path-to-regexp
serve-handler <=6.1.5
Depends on vulnerable versions of path-to-regexp
node_modules/serve-handler
serve 7.0.0 - 14.2.3
Depends on vulnerable versions of serve-handler
node_modules/serve

10 high severity vulnerabilities

To address issues that do not require attention, run:
npm audit fix

Some issues need review, and may require choosing
a different dependency.

Result when building.

NPM package versions should be maintained especially after UAParser.js debacle

[retroroo]

ip *
Severity: high
ip SSRF improper categorization in isPublic - GHSA-2p57-rm9w-gvfp
No fix available
node_modules/ip
node_modules/ip-set/node_modules/ip
bittorrent-tracker >=1.0.0
Depends on vulnerable versions of ip
node_modules/bittorrent-tracker
torrent-discovery *
Depends on vulnerable versions of bittorrent-tracker
node_modules/torrent-discovery
webtorrent >=0.8.0
Depends on vulnerable versions of load-ip-set
Depends on vulnerable versions of torrent-discovery
node_modules/webtorrent
secure-file-transfer *
Depends on vulnerable versions of webtorrent
node_modules/secure-file-transfer
ip-set *
Depends on vulnerable versions of ip
node_modules/ip-set
load-ip-set *
Depends on vulnerable versions of ip-set
node_modules/load-ip-set

7 high severity vulnerabilities

[jeremyckahn]

Thanks for reporting this @retroroo. I've just run npm audit fix and committed the change. This doesn't resolve all of the dependency vulnerabilities, but that's the best we can do for now. Snyk is also set up to try to automate this issue away as best as possible.