We are using your package as a dependency in our project.
In our internal security scan (conducted via Black Duck), we observed that the package @sap/cds-dk (v9.8.3) has dependencies that have not been updated for more than 1 year, even though newer versions are available.
We are raising this issue to bring this to your attention. Could you please confirm if there are any plans to maintain or update this package and its dependencies going forward?
Outdated Dependency List (from Black Duck scan)
Dependencies
| Library | Version |
| --- | --- |
| ANTLR 4 | 4.9.3 |
| Async | 3.2.6 |
| asynckit | 0.4.0 |
| base64-js | 1.5.1 |
| bl | 4.1.0 |
| blakeembrey/pluralize | 8.0.0 |
| Buffer | v5.7.1 |
| bytes.js | 3.1.2 |
| call-bind-apply-helpers | 1.0.2 |
| call-bound | 1.0.4 |
| @cap-js/asyncapi | 1.0.3 |
| chownr | 3.0.0 |
| Clone | 2.1.2 |
| @isaacs/fs-minipass | 4.0.1 |
| combined-stream | 1.0.8 |
| core-util-is | 1.0.2 |
| debug-js/debug | 4.4.3 |
| decompress-response | 6.0.0 |
| deep-extend | 0.6.0 |
| delayed-stream | 1.0.0 |
| dominictarr/rc | 1.2.8 |
| dunder-proto | 1.0.1 |
| ee-first | 1.1.1 |
| encodeurl | 2.0.0 |
| escape-html | 1.0.3 |
| es-define-property | 1.0.1 |
| es-errors | 1.3.0 |
| es-object-atoms | 1.1.1 |
| es-set-tostringtag | 2.1.0 |
| etag | 1.8.1 |
| expand-template | 2.0.3 |
| expressjs/accepts | 2.0.0 |
| extsprintf | 1.4.1 |
| file-uri-to-path | 1.0.0 |
| fill-range | 7.1.1 |
| forwarded | 0.2.0 |
| fs-constants | 1.0.0 |
| function-bind | 1.1.2 |
| get-intrinsic | 1.3.0 |
| get-proto | 1.0.1 |
| github-from-package | 0.0.0 |
| gopd | 1.2.0 |
| has-symbols | 1.1.0 |
| has-tostringtag | 1.0.2 |
| hasown | 2.0.2 |
| http-errors | 2.0.1 |
| ieee754 | v1.2.1 |
| inherits | v2.0.4 |
| is-number | 7.0.0 |
| isaacs/once | 1.4.0 |
| ispromise | 4.0.0 |
| js-yaml | 4.1.1 |
| jshttp/content-type | 1.0.5 |
| jshttp/fresh | 2.0.0 |
| jshttp/mime-types | 2.1.35 |
| JSHTTP's negotiator | 1.0.0 |
| livereload-js | 4.0.2 |
| lz4-wasm-nodejs | 0.9.2 |
| math-intrinsics | 1.1.0 |
| media-typer | 1.1.0 |
| merge-descriptors | 2.0.0 |
| micromatch | 4.0.8 |
| micromatch/braces | 3.0.3 |
| mime-db | 1.54.0 |
| mimic-response | 3.1.0 |
| minimist | 1.2.8 |
| mkdirp-classic | 0.5.3 |
| ms.js | 2.1.3 |
| mustache.js | 4.2.0 |
| napi-build-utils | 2.0.0 |
| neo-async | 2.6.2 |
| node-assert-plus | 1.0.0 |
| node-bindings | 1.5.0 |
| node-cache | 5.1.2 |
| Node Cookie Parser | 0.7.2 |
| node-cookie-signature | 1.2.2 |
| nodeca-argparse | 2.0.1 |
| nodejs Deprecate | 2.0.0 |
| nodejs/string_decoder | 1.3.0 |
| node-pool | 3.9.0 |
| npm ini | 1.3.8 |
| object-inspect | 1.13.4 |
| on-finished | 2.4.1 |
| pillarjs/parseurl | 1.3.3 |
| prebuild-install | 7.1.3 |
| proxy-addr | 2.0.7 |
| range-parser | v1.2.1 |
| readable-stream | 3.6.2 |
| router | 2.2.0 |
| safe-buffer | 5.2.1 |
| safer-buffer | 2.1.2 |
| setprototypeof | 1.2.0 |
| side-channel | 1.1.0 |
| side-channel-list | 1.0.0 |
| side-channel-map | 1.0.1 |
| side-channel-weakmap | 1.0.2 |
| simple-concat | 1.0.1 |
| simple-get | 4.0.1 |
| source-map | 0.6.1 |
| strip-json-comments | 2.0.1 |
| tar-stream | 2.2.0 |
| to-regex-range | 5.0.1 |
| toidentifier | 1.0.1 |
| tunnel-agent | 0.6.0 |
| type-is | 2.0.1 |
| UglifyJS | 3.19.3 |
| unpipe | 1.0.0 |
| util-deprecate | 1.0.2 |
| vary | 1.1.2 |
| verror | 1.10.1 |
| whitequark/ipaddr.js | v1.9.1 |
| wordwrap | 1.0.0 |
| wrappy | 1.0.2 |
| xml-js | 1.6.11 |
| yallist | 5.0.0 |
| ANTLR 4 (@sap/cds-compiler) | 4.9.3 |