Deprecated package depdendencies in atlass-connect

Hello there,

I have recently started my journey with Jira cloud application development and taking baby steps so far. I had a question regarding the deprecated package dependency warning message I get after installing atlass-connect package through npm.

It throw an output similar to below.

npm WARN deprecated request@2.74.0: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated json-parser@1.1.5: `json-parser` is deprecated. Please use `comment-json` instead
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated boom@2.10.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated sntp@1.0.9: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated hoek@2.16.3: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated cryptiles@2.0.5: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
/usr/local/bin/atlas-connect -> /usr/local/lib/node_modules/atlas-connect/bin/atlas-connect
/usr/local/bin/atlas-connect-new -> /usr/local/lib/node_modules/atlas-connect/bin/atlas-connect-new
npm WARN notsup Unsupported engine for got@5.7.1: wanted: {"node":">=0.10.0 <7"} (current: {"node":"12.16.3","npm":"6.14.4"})
npm WARN notsup Not compatible with your version of node/npm: got@5.7.1

Do I need to worried about this? and will there be any security or stability issues because of this?

Thanks in advance

I don’t think there is a documented plan from Atlassian to handle outdated dependencies. I do know that from time to time, guys launch a new patch version with dependencies updated. So for know, you should just let it go but maybe watch the ACE repo so you are notified when there is new activity.

Hi @SwapnilTamhane,

The Atlassian Connect Express library is quite mature and hasn’t demanded a lot of attention, but as @lfcgomes mentioned, we do make updates to dependencies from time to time. At a minimum, we ensure the library is updated with security patches.

There’s no doubt that the library could be improved such as providing better support for ReactJS, but there’s no plans for any major update such as this. Likewise, small improvements like removing dependencies on deprecations would probably only occur if it were convenient whilst fixing something more critical such as a vulnerability.

Regards,
Dugald

Thank you so much @dmorrow and @lfcgomes for the detailed response. That clears up my doubt, that was fast!