Update rimraf to a version with a newer glob dependency

[brotkel]

Hello,

The current release of node-temp uses rimraf 2.6.3, which depends on Glob, which depends on Inflight, which has a security issue: CWE-772. Newer releases of rimraf and Glob exist that do not have this dependency. Temp should be updated to a newer version, as it's used by many downstream packages, like js-codeshift, which currently have this vulnerability.

[dartess]

@bruce hey! It looks like only you can release a new version now, so I am writing to you.

Do you have any plans to support and develop this project?

It looks perfect, but time passes, and the project's dependencies become outdated. Thus, modern rimraf only supports node>=14.18.0, while the current version of temp supports node>=6.0.0. Updating even a minor version in this case for a package with millions of downloads will definitely be a painful breaking change.

How do you feel about updating all dependencies and releasing a major release?

[bruce]

@bruce hey! It looks like only you can release a new version now, so I am writing to you.

Ah, I was unaware of that; this project has been off my radar for some time.

Do you have any plans to support and develop this project?

No, but I'm at least willing to make new dependency related releases, time-permitting, until someone else steps forward and wants to continue to support the project more comprehensively.

It looks perfect, but time passes, and the project's dependencies become outdated. Thus, modern rimraf only supports node>=14.18.0, while the current version of temp supports node>=6.0.0. Updating even a minor version in this case for a package with millions of downloads will definitely be a painful breaking change.

How do you feel about updating all dependencies and releasing a major release?

Yes, I can take a look at this in a week or so; I'm currently on holiday and a continent and ocean away from my laptop.

[jisotalo]

Hi!

Any news on this?

Just noticed this inflight issue in my setup and following the dependency path brought me here.

[jisotalo]

@bruce any news on this? Thanks!

[pano9000]

@bruce would you be open to PRs that bump the versions accordingly?
If so, I'll gladyl submit :-)

[bruce]

@pano9000 Happy to accept a PR that does this. I'm also very interested in someone taking over this project more generally. It's probably pretty obvious I'm not being a very diligent maintainer here at all, and users would benefit from someone who can spare the time and attention.