You need to sign in or sign up before continuing.
Deprecation warning for transitive dependency uuid
tl;dr: Using jsfuzz in a project results in a deprecation warning for uuid
when installed. At the time of writing this problem appears blocked upstream in the nyc package by istanbuljs/nyc#1417. In any case, I don't think this is a hard issue for jsfuzz, but it would be good to upgrade when an update is available.
When installing jsfuzz there's a deprecation warning for the use of uuid@3
:
/project # npm i jsfuzz --save-dev
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
This is because of the dependency on nyc
:
/project # npm ls uuid
project@x.x.x /project
`-- jsfuzz@1.0.15
`-- nyc@14.1.1
`-- uuid@3.4.0
Unfortunately, upgrading nyc to the latest version (as of writing, ^15
) doesn't seem to help. I tried this on the jsfuzz repository and got:
/jsfuzz # npm ls uuid
@gitlab-org/jsfuzz@1.1.0 /jsfuzz
└─┬ nyc@15.1.0
└─┬ istanbul-lib-processinfo@2.0.2
└── uuid@3.4.0
Per the tl;dr above, it appears this problem is blocked upstream in nyc by https://github.com/istanbuljs/nyc/issues/1417.