Fix security alerts

.eslintrc.js

@@ -1,14 +1,14 @@
 module.exports = {
 	root: true,
-	parser: 'babel-eslint',
+	parser: '@babel/eslint-parser',
 	parserOptions: {
 		sourceType: 'module'
 	},
+	env: {
+		browser: true,
+		es6: true
+	},
 	extends: 'standard',
-	// required to lint *.vue files
-	plugins: [
-		'html'
-	],
 	// add your custom rules here
 	rules: {
 		// allow paren-less arrow functions
@@ -17,7 +17,6 @@ module.exports = {
 		'generator-star-spacing': 0,
 		// allow debugger during development
 		'no-debugger': process.env.NODE_ENV === 'production' ? 2 : 0,
-
 		// OWN RULES
 		'indent': [2, 'tab'],
 		'no-tabs': 0,

package.json

@@ -34,32 +34,24 @@
     "url": "https://github.com/axsemantics/rohrpost-js/issues"
   },
   "homepage": "https://github.com/axsemantics/rohrpost-js#readme",
-  "dependencies": {},
   "devDependencies": {
     "@babel/core": "^7.9.0",
+    "@babel/eslint-parser": "^7.16.5",
     "@babel/plugin-external-helpers": "^7.8.3",
     "@babel/preset-env": "^7.9.0",
+    "@rollup/plugin-babel": "^5.3.0",
     "@rollup/plugin-inject": "^4.0.1",
-    "babel-eslint": "^10.1.0",
     "babel-plugin-istanbul": "^6.0.0",
     "babel-plugin-transform-runtime": "^6.23.0",
     "chai": "^4.2.0",
     "coveralls": "^3.0.11",
-    "eslint": "^5.16.0",
-    "eslint-config-standard": "^12.0.0",
-    "eslint-friendly-formatter": "^4.0.1",
-    "eslint-loader": "^2.2.1",
-    "eslint-plugin-html": "^4.0.6",
-    "eslint-plugin-import": "^2.20.2",
-    "eslint-plugin-node": "^7.0.1",
-    "eslint-plugin-promise": "^4.2.1",
-    "eslint-plugin-standard": "^4.0.1",
-    "mocha": "^7.1.1",
+    "eslint": "^7.32.0",
+    "eslint-config-standard": "^16.0.3",
+    "mocha": "^9.1.3",
     "mocha-lcov-reporter": "^1.3.0",
     "nyc": "^15.0.0",
     "rollup": "^2.3.1",
-    "rollup-plugin-babel": "^4.4.0",
-    "rollup-plugin-node-builtins": "^2.1.2",
+    "rollup-plugin-polyfill-node": "^0.8.0",
     "sinon": "^9.0.1",
     "sinon-chai": "^3.5.0",
     "ws": "^7.2.3"

rollup.config.browser.js

@@ -1,11 +1,16 @@
-import babel from 'rollup-plugin-babel'
-import builtins from 'rollup-plugin-node-builtins'
+import babel from '@rollup/plugin-babel'
 
 export default {
 	input: 'src/index.js',
 	output: {
+		file: 'dist/rohrpost.browser.js',
 		format: 'cjs',
-		file: 'dist/rohrpost.browser.js'
+		exports: 'default'
 	},
-	plugins: [babel(), builtins()]
+	plugins: [
+		babel({
+			babelHelpers: 'external'
+		})
+	],
+	external: ['events']
 }

rollup.config.cjs.js

@@ -1,15 +1,16 @@
-import babel from 'rollup-plugin-babel'
+import babel from '@rollup/plugin-babel'
 import inject from '@rollup/plugin-inject'
 
 export default {
 	input: 'src/index.js',
 	output: {
 		file: 'dist/rohrpost.js',
 		format: 'cjs',
+		exports: 'default'
 	},
 	plugins: [
 		babel({
-			externalHelpers: true
+			babelHelpers: 'external'
 		}),
 		inject({
 			include: 'src/index.js',

rollup.config.es.js

@@ -1,4 +1,4 @@
-import babel from 'rollup-plugin-babel'
+import babel from '@rollup/plugin-babel'
 
 export default {
 	input: 'src/index.js',
@@ -8,7 +8,7 @@ export default {
 	},
 	plugins: [
 		babel({
-			externalHelpers: true
+			babelHelpers: 'external'
 		})
 	],
 	external: ['events']

rollup.config.iife.js

@@ -1,5 +1,5 @@
-import babel from 'rollup-plugin-babel'
-import builtins from 'rollup-plugin-node-builtins'
+import babel from '@rollup/plugin-babel'
+import node from 'rollup-plugin-polyfill-node'
 
 export default {
 	input: 'src/index.js',
@@ -10,8 +10,8 @@ export default {
 	},
 	plugins: [
 		babel({
-			externalHelpers: true
+			babelHelpers: 'external'
 		}),
-		builtins()
+		node()
 	],
 }

src/index.js

@@ -1,4 +1,3 @@
-/* global WebSocket */
 import EventEmitter from 'events'
 
 const defer = function () {
@@ -182,7 +181,7 @@ export default class RohrpostClient extends EventEmitter {
 	}
 
 	_resubscribe () {
-		for (let args of Object.values(this._subscriptions)) {
+		for (const args of Object.values(this._subscriptions)) {
 			this.subscribe(args)
 		}
 	}
@@ -197,7 +196,7 @@ export default class RohrpostClient extends EventEmitter {
 	_handleUnsubscribe (message) {
 		const req = this._popPendingRequest(message.id)
 		if (!req) return // error already emitted in pop
-		for (let [group, args] of Object.entries(this._subscriptions)) {
+		for (const [group, args] of Object.entries(this._subscriptions)) {
 			if (args.type === req.args.type && args.id === req.args.id) { // this is perhaps a bit stupid
 				delete this._subscriptions[group]
 				break