We're going to target making various upgrades to our dependencies for Workbox v6, when we move to Node v10 as the minimum required version.

If there's a specific upgrade to a dependency that you'd like to ensure we make, let us know, but in general, that's going to be the plan.

(I'll keep this open to track the v6 updates.)

We usually try to keep up with all the latest dependencies in general, so no particular version in mind.

2480 and #2481 should hopefully take care of things for v6.

Those PRs address dependencies used by workbox-build, workbox-cli, and workbox-webpack-plugin.

Hey Guys, any plans to fix the 192 vulnerabilities 1 of which is high.

Even that's been a dev dependency, build and release machines also get hacked.

Yes, but in Workbox v6, which raises the minimum required version of Node to v10.

We did a broad dependency version bump for Workbox v6.0.0-alpha.1, which is available for testing now. We'll do another bump prior to the next alpha release.

Resolving all these issues while still maintaining compatibility with Node v8, which is what Workbox v5 supports, has proven infeasible in the past.

Thanks for the clarification @jeffposnick ! That is helpful. I am looking forward to v6.

This should be resolved with the release of Workbox v6.