Deprecated libraries starting new project with v3

Testing out Strapi for use on a client project, but the app needs to pass a security audit. I do not believe it can pass a security audit with the numerous warnings and even deprecated libraries that are included in the application.

I was wondering what is the best approach for addressing this issue, short of not using this solution.


aaronksaunders@Aarons-14MacBookProM1Pro my-project % yarn upgrade
yarn upgrade v1.22.17
error No lockfile in this directory. Run `yarn install` to generate one.
info Visit https://yarnpkg.com/en/docs/cli/upgrade for documentation about this command.
aaronksaunders@Aarons-14MacBookProM1Pro my-project % yarn audit
yarn audit v1.22.17
info No lockfile found.
warning @strapi/plugin-users-permissions > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning @strapi/plugin-users-permissions > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning @strapi/plugin-users-permissions > request > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning @strapi/plugin-users-permissions > request > har-validator@5.1.5: this library is no longer supported
warning @strapi/plugin-users-permissions > koa2-ratelimit > mongoose > @types/mongodb > @types/bson@4.2.0: This is a stub types definition. bson provides its own type definitions, so you do not need this installed.
warning @strapi/strapi > @strapi/generate-new > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning @strapi/strapi > koa-ip > debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
warning @strapi/strapi > koa-session > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning @strapi/strapi > koa-body > formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
warning @strapi/strapi > @strapi/admin > node-polyfill-webpack-plugin > url > querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
warning @strapi/strapi > @strapi/plugin-email > @strapi/provider-email-sendmail > sendmail > mailcomposer@3.12.0: This project is unmaintained
warning @strapi/strapi > @strapi/generators > plop > liftoff > findup-sync > micromatch > snapdragon > source-map-resolve > resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
warning @strapi/strapi > @strapi/generators > plop > liftoff > findup-sync > micromatch > snapdragon > source-map-resolve > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning @strapi/strapi > @strapi/plugin-email > @strapi/provider-email-sendmail > sendmail > mailcomposer > buildmail@3.10.0: This project is unmaintained
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @strapi/strapi                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @strapi/strapi > @strapi/generators > plop > ora >           │
│               │ strip-ansi > ansi-regex                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1004946                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @strapi/strapi                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @strapi/strapi > @strapi/plugin-content-type-builder >       │
│               │ @strapi/generators > plop > ora > strip-ansi > ansi-regex    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1004946                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
2 vulnerabilities found - Packages audited: 1487
Severity: 2 Moderate
✨  Done in 17.59s.
aaronksaunders@Aarons-14MacBookProM1Pro my-project %
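
A triage pass over the output above, as an added example that is not part of the original post or of yarn or Strapi: it separates the `warning` deprecation notices from the audit advisory tables, and collapses an advisory that is reported once per dependency path into a single finding. The names `triage` and `SAMPLE` are assumptions made here, and the sample is an abridged excerpt of the posted output.

```javascript
// Abridged excerpt of the `yarn audit` output posted above; triage() is a hypothetical helper.
const SAMPLE = `
warning @strapi/plugin-users-permissions > request@2.88.2: request has been deprecated
warning @strapi/plugin-users-permissions > uuid@3.4.0: Please upgrade  to version 7 or higher.
warning @strapi/strapi > koa-session > uuid@3.4.0: Please upgrade  to version 7 or higher.
│ moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
│ Package       │ ansi-regex                                                   │
│ Patched in    │ >=5.0.1                                                      │
│ Path          │ @strapi/strapi > @strapi/generators > plop > ora >           │
│               │ strip-ansi > ansi-regex                                      │
│ More info     │ https://www.npmjs.com/advisories/1004946                     │
│ moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
│ Package       │ ansi-regex                                                   │
│ Patched in    │ >=5.0.1                                                      │
│ Path          │ @strapi/strapi > @strapi/plugin-content-type-builder >       │
│               │ @strapi/generators > plop > ora > strip-ansi > ansi-regex    │
│ More info     │ https://www.npmjs.com/advisories/1004946                     │
`;
function triage(report) {
  const deprecated = {}; // "name@version" -> { message, roots: top-level deps pulling it in }
  const rows = [];       // one entry per advisory table, i.e. per dependency path
  let field = null;
  for (const line of report.split("\n")) {
    const w = line.match(/^warning (.+?)@(\d[^\s:]*): (.*)$/);
    if (w) {
      const chain = w[1].split(" > ");
      const key = `${chain[chain.length - 1]}@${w[2]}`;
      const entry = (deprecated[key] = deprecated[key] || { message: w[3], roots: [] });
      if (!entry.roots.includes(chain[0])) entry.roots.push(chain[0]);
    } else if (line.startsWith("│")) {
      const [, k, v] = line.split("│").map((cell) => cell.trim());
      const sev = /^(low|moderate|high|critical)$/.test(k);
      if (sev) rows.push({ severity: k });
      if (!rows.length) continue;            // table fragment without a header row
      if (k) field = sev ? "title" : k;
      const row = rows[rows.length - 1];
      row[field] = k ? v : `${row[field]} ${v}`; // an empty key means a wrapped cell
    }
  }
  // The same advisory reached through several paths is a single finding to fix.
  const byUrl = {};
  for (const r of rows) {
    const a = (byUrl[r["More info"]] = byUrl[r["More info"]] || { ...r, paths: [] });
    a.paths.push(r.Path);
  }
  return { deprecated, advisories: Object.values(byUrl) };
}
```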