
Deprecation Warnings and Vulnerabilities #115

Open
simbolmina opened this issue Nov 16, 2023 · 1 comment
Comments


simbolmina commented Nov 16, 2023

I have installed this package with npm install, and my app with 0 vulnerabilities became a vulnerability powerhouse.

PS path> npm install iyzipay
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: Use uuid module instead
npm WARN deprecated [email protected]: request has been deprecated, see request/request#3142
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.

added 64 packages, and audited 1036 packages in 6s

141 packages are looking for funding
run npm fund for details

11 vulnerabilities (3 moderate, 8 high)

Some issues need review, and may require choosing
a different dependency.

Run npm audit for details.

I'm using nestjs@latest at the time being, on nodejs 18 LTS.

Here is the npm audit result:

npm audit report

bl <1.2.3
Severity: moderate
Remote Memory Exposure in bl - GHSA-pp7h-53gx-mx7r
No fix available
node_modules/request/node_modules/bl
request *
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
node_modules/request
iyzipay *
Depends on vulnerable versions of request
node_modules/iyzipay

hawk <=9.0.0
Severity: high
Uncontrolled Resource Consumption in Hawk - GHSA-44pw-h2cw-w3vq
Depends on vulnerable versions of boom
Depends on vulnerable versions of cryptiles
Depends on vulnerable versions of hoek
Depends on vulnerable versions of sntp
No fix available
node_modules/hawk

hoek <4.2.1
Severity: high
Prototype Pollution in hoek - GHSA-jp4x-w63m-7wgm
No fix available
node_modules/hoek
boom <=3.1.2
Depends on vulnerable versions of hoek
node_modules/boom
cryptiles <=2.0.5
Depends on vulnerable versions of boom
node_modules/cryptiles
sntp 0.0.0 || 0.1.1 - 2.0.0
Depends on vulnerable versions of hoek
node_modules/sntp

qs <6.2.4
Severity: high
qs vulnerable to Prototype Pollution - GHSA-hrpp-h998-j3pp
No fix available
node_modules/request/node_modules/qs

tough-cookie <=4.1.2
Severity: high
Regular Expression Denial of Service in tough-cookie - GHSA-g7q5-pjjr-gqvp
ReDoS via long string of semicolons in tough-cookie - GHSA-qhv9-728r-6jqg
tough-cookie Prototype Pollution vulnerability - GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

tunnel-agent <0.6.0
Severity: moderate
Memory Exposure in tunnel-agent - GHSA-xc7v-wxcw-j472
No fix available
node_modules/request/node_modules/tunnel-agent

11 vulnerabilities (3 moderate, 8 high)

Some issues need review, and may require choosing
a different dependency.

I have installed the latest GitHub release as well:

npm install github:iyzico/iyzipay-node#v2.0.49

but the result is the same.
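Added example, not part of this issue or of the iyzipay project: a Node.js script that triages an `npm audit --json` report (the auditReportVersion 2 format npm 7 and later emit) by walking each entry's `via` chain back to the root advisories and grouping them under the direct dependency that pulls them in, which is the question the audit output above leaves you to answer by hand. The embedded report is constructed to mirror part of the chain quoted above (iyzipay -> request -> bl and hawk -> boom -> hoek); the GHSA ids and version ranges are the ones in the audit output, and the remaining packages (qs, tough-cookie, tunnel-agent, cryptiles, sntp) are left out for brevity.

```javascript
// Added example, not code from the issue or from iyzipay: triage an
// `npm audit --json` report (auditReportVersion 2, npm 7 and later).
// Each entry's `via` array mixes two kinds of items: a string names another
// vulnerable package this one depends on (an indirect cause), while an
// object is an advisory against the package itself (a root cause).

// Constructed sample mirroring part of the chain quoted in the issue:
// iyzipay -> request -> { bl, hawk -> { boom -> hoek, hoek } }.
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    bl: {
      name: 'bl', severity: 'moderate', isDirect: false, range: '<1.2.3',
      via: [{ name: 'bl', title: 'Remote Memory Exposure in bl', severity: 'moderate',
              range: '<1.2.3', url: 'https://github.com/advisories/GHSA-pp7h-53gx-mx7r' }],
      effects: ['request'], nodes: ['node_modules/request/node_modules/bl'],
      fixAvailable: false,
    },
    hoek: {
      name: 'hoek', severity: 'high', isDirect: false, range: '<4.2.1',
      via: [{ name: 'hoek', title: 'Prototype Pollution in hoek', severity: 'high',
              range: '<4.2.1', url: 'https://github.com/advisories/GHSA-jp4x-w63m-7wgm' }],
      effects: ['boom', 'hawk'], nodes: ['node_modules/hoek'], fixAvailable: false,
    },
    boom: {
      name: 'boom', severity: 'high', isDirect: false, range: '<=3.1.2',
      via: ['hoek'], effects: ['hawk'], nodes: ['node_modules/boom'], fixAvailable: false,
    },
    hawk: {
      name: 'hawk', severity: 'high', isDirect: false, range: '<=9.0.0',
      via: [{ name: 'hawk', title: 'Uncontrolled Resource Consumption in Hawk', severity: 'high',
              range: '<=9.0.0', url: 'https://github.com/advisories/GHSA-44pw-h2cw-w3vq' },
            'boom', 'hoek'],
      effects: ['request'], nodes: ['node_modules/hawk'], fixAvailable: false,
    },
    request: {
      name: 'request', severity: 'high', isDirect: false, range: '*',
      via: ['bl', 'hawk'], effects: ['iyzipay'], nodes: ['node_modules/request'],
      fixAvailable: false,
    },
    iyzipay: {
      name: 'iyzipay', severity: 'high', isDirect: true, range: '*',
      via: ['request'], effects: [], nodes: ['node_modules/iyzipay'], fixAvailable: false,
    },
  },
};

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Collect the root advisories reachable from `name`. `seen` stops the walk
// from looping on cycles in the dependency graph and from revisiting a
// package reached by several paths (hoek via hawk and via boom above).
function rootAdvisories(vulns, name, seen = new Set()) {
  const entry = vulns[name];
  if (!entry || seen.has(name)) return [];
  seen.add(name);
  const found = [];
  for (const via of entry.via) {
    if (typeof via === 'string') {
      found.push(...rootAdvisories(vulns, via, seen));
    } else {
      found.push({
        package: name,
        ghsa: via.url.split('/').pop(),
        title: via.title,
        severity: via.severity,
        range: via.range,
        // npm reports `false`, `true`, or an object describing the fix.
        fixAvailable: Boolean(entry.fixAvailable),
      });
    }
  }
  return found;
}

// Group root advisories under each direct dependency that pulls them in,
// worst severity first, and list the ones npm has no fix for.
function triage(report) {
  const vulns = report.vulnerabilities;
  const result = {};
  for (const [name, entry] of Object.entries(vulns)) {
    if (!entry.isDirect) continue;
    const unique = new Map(rootAdvisories(vulns, name).map((a) => [a.ghsa, a]));
    const advisories = [...unique.values()].sort(
      (a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity],
    );
    result[name] = {
      worst: advisories.length ? advisories[0].severity : 'none',
      unfixable: advisories.filter((a) => !a.fixAvailable).map((a) => a.ghsa),
      advisories,
    };
  }
  return result;
}

console.log(JSON.stringify(triage(SAMPLE_AUDIT), null, 2));
```

On the constructed sample this reports a single direct dependency, iyzipay, with three root advisories (hawk and hoek at high, bl at moderate), all of them without a fix. To run it against a real project, replace `SAMPLE_AUDIT` with `JSON.parse(require('fs').readFileSync(0, 'utf8'))` and pipe `npm audit --json` into it. The walk only follows what npm put in the report: entries are keyed by package name, so a nested copy such as node_modules/request/node_modules/bl shares its entry with any other copy, and one advisory reached by several paths collapses to one line.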

@fatihtashan

Are you planning on updating the dependencies?
