6to5 deprecation warning on npm install

[pdehaan]

Steps to reproduce:

$ npm i

npm WARN deprecated [email protected]: 3.0.0 has been released featuring a host of bug fixes and new features

It looks like the karma-6to5-preprocessor module may be the only outdated module that got installed from a brand new git clone:

$ npm outdated --depth 0

Package                  Current  Wanted  Latest  Location
karma-6to5-preprocessor    1.0.0   1.0.0   3.0.0  karma-6to5-preprocessor

Current package.json:43 points to "^1.0.*":

"karma-6to5-preprocessor": "^1.0.*",

[pdehaan]

Unrelated (and possibly unavoidable) but it looks like karma may be using an older and potentially vuln version of connect. I can dig deeper and see if there is a bug and/or pull request out for karma. I'm guessing there isn't a newer version available since I didn't see anything from npm outdated --depth 0:

$ npm shrinkwrap --dev
wrote npm-shrinkwrap.json

$ nsp shrinkwrap
Name          Installed  Patched  Vulnerable Dependency
serve-static    1.6.4    >=1.7.2  readinglist-client > karma > connect

---

UPDATE: Filed upstream as karma-runner/karma#1295

[n1k0]

@pdehaan tbh I'm currently considering moving away from karma, as its local server seems to be fairly unstable, and its configuration is kinda painful with this project setup; I'll investigate testem and mochify as a replacement, though it's not P1 for now.

In the meanwhile, I'll update the karma-6to5-preprocessor package. Thanks for the report.

[n1k0]

Fixed by ff1a536 along with #10 & #15.