@confluentinc/schemaregistry: Please keep dependencies updated and check them for vulnerabilities

[Dhruv-Garg79]

The @confluentinc/schemaregistry package uses a lot of dependencies.

Regular releases with updated dependencies will make this package more secure.

[Dhruv-Garg79]

@milindl can we have releases with dependency updates, both the main package and schemaregistry package contain some old dependencies with critical vulnerabilities.

✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6
introduced by @confluentinc/kafka-javascript@1.3.0 > @mapbox/node-pre-gyp@1.0.11 > rimraf@3.0.2 > glob@7.2.3 > inflight@1.0.6
No upgrade or patch available
✗ Prototype Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873] in tough-cookie@2.5.0
introduced by @confluentinc/schemaregistry@1.3.1 > node-vault@0.10.2 > postman-request@2.88.1-postman.8-beta.1 > tough-cookie@2.5.0
This issue was fixed in versions: 4.1.3

[Dhruv-Garg79]

And ideally dependencies which are not maintained anymore should be completely avoided like node-vault

[janjwerner-confluent]

@Dhruv-Garg79
Thank you for posting this issue.