npm warnings about glob, rimraf and inflight, all caused by a too old version of jscodeshift in Storybook's dependencies

[robin-bourgeon-eficia]

Summary

Hello,
My project has "@storybook/cli": "^10.3.3" in its package.json. I did a fresh npm install after removing both package-lock.json and node_modules, and I am getting the following warnings about dependencies that are either not supported anymore, leaking memory, or containing vulnerabilities:

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.

npm warn deprecated rimraf@2.6.3: Rimraf versions prior to v4 are no longer supported

npm warn deprecated glob@7.2.3: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me

so I did a npm list -a to inspect the tree and see which dependencies of my project are importing inflight@1.0.6, rimraf@2.6.3, and glob@7.2.3.

It turns out that:

• inflight@1.0.6 is imported by glob@7.2.3
• glob@7.2.3 is imported by rimraf@2.6.3
• rimraf@2.6.3 is imported by temp@0.8.4
• temp@0.8.4 is imported by jscodeshift@0.15.2
• and finally, jscodeshift@0.15.2 is imported by @storybook/cli@10.3.3.

So it seems that the fact that @storybook/cli@10.3.3 imports jscodeshift@0.15.2 is the root cause of the warnings.

The latest version of jscodeshift does not import temp anymore, which can be seen here in the current package.json of jscodeshift: https://github.com/facebook/jscodeshift/blob/main/package.json

So, do you plan upgrading your dependency on jscodeshift to the latest version, which could potentially fix all these issues at once?

Additional information

No response

Create a reproduction

No response