4 deprecated dependencies with 11 vulnerabilities, 4 high #8

Open
pmorch opened this issue Apr 29, 2023 · 1 comment

pmorch commented Apr 29, 2023

Describe the bug

From a fresh directory I get reports of 4 deprecated dependencies and vulnerabilities:

$ npm i font-awesome-assets
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: this package is now deprecated
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142

added 165 packages, and audited 166 packages in 6s

7 packages are looking for funding
  run `npm fund` for details

11 vulnerabilities (7 moderate, 4 high)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

So I ran npm audit:

$ npm audit
# npm audit report

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix`
node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/css-select
    cheerio  0.19.0 - 1.0.0-rc.3
    Depends on vulnerable versions of css-select
    node_modules/cheerio

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
  phantomjs-prebuilt  *
  Depends on vulnerable versions of request
  node_modules/phantomjs-prebuilt
    svg2png  *
    Depends on vulnerable versions of phantomjs-prebuilt
    Depends on vulnerable versions of yargs
    node_modules/svg2png
      font-awesome-assets  *
      Depends on vulnerable versions of @ladjs/svgfont2js
      Depends on vulnerable versions of cheerio
      Depends on vulnerable versions of svg2png
      node_modules/font-awesome-assets


xml2js  <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution  - https://github.com/advisories/GHSA-776f-qx25-q3cc
No fix available
node_modules/xml2js
  @ladjs/svgfont2js  *
  Depends on vulnerable versions of xml2js
  node_modules/@ladjs/svgfont2js

yargs-parser  <=5.0.0
Severity: moderate
yargs-parser Vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-p9pc-299p-vxgp
No fix available
node_modules/yargs-parser
  yargs  4.0.0-alpha1 - 7.0.0-alpha.3 || 7.1.1
  Depends on vulnerable versions of yargs-parser
  node_modules/yargs

11 vulnerabilities (7 moderate, 4 high)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

pmorch added the bug label Apr 29, 2023
pmorch changed the title from "4 deprected dependencies with 11 vulnerabilities, 4 high" to "4 deprecated dependencies with 11 vulnerabilities, 4 high" Apr 29, 2023

pmorch commented Apr 29, 2023

And then I found font-awesome-assets-updated, but:

$ npm i font-awesome-assets-updated
npm ERR! code 128
npm ERR! An unknown git error occurred
npm ERR! command git --no-replace-objects ls-remote ssh://[email protected]/niftylettuce/svgfont2js.git
npm ERR! ERROR: Repository not found.
npm ERR! fatal: Could not read from remote repository.
npm ERR! 
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/pmorch/.npm/_logs/2023-04-29T04_55_08_378Z-debug-0.log
