Node.js deprecated dependencies for @getbrevo/brevo

Although the 2.1.1 release is relatively recent, it appears to have deprecated or unsupported dependencies, one such dependency has a memory leak. Is anyone experiencing runtime issues as a result? Are there plans to address?

warning @getbrevo/brevo > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142

May 24 09:10:07 AMwarning @getbrevo/brevo > request > har-validator@5.1.5: this library is no longer supported

May 24 09:10:07 AMwarning @getbrevo/brevo > request > uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See There’s Math.random(), and then there’s Math.random() · V8 for details.

May 24 09:10:08 AMwarning @getbrevo/brevo > rewire > eslint > file-entry-cache > flat-cache > rimraf > glob > inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.

Thanks for your question @anywhichway. Our SDK is autogenerated, we rely in another open source project for most of this warnings to be addressed. As of now, we haven’t received any negative feedback from customers running the SDK in production, so it should be safe. We will attempt to bump up the packages which are running in an old version. For those which are deprecated we might need to wait a bit longer.

Well ok I guess … but as a former CTO at both large and small companies I can say, « it should be safe » is more than a little sketchy.