Vulnerable dependencies reported during build process #581

Open
martin-kokos opened this issue May 27, 2024 · 0 comments

When building, npm reports many deprecations and vulnerabilities: 22 vulnerabilities (1 low, 8 moderate, 12 high, 1 critical)

make[2]: Entering directory '/home/x/repos/activitywatch/aw-server-rust/aw-webui'
npm ci
npm warn EBADENGINE Unsupported engine {
npm warn EBADENGINE   package: '@achrinza/[email protected]',
npm warn EBADENGINE   required: {
npm warn EBADENGINE     node: '8 || 9 || 10 || 11 || 12 || 13 || 14 || 15 || 16 || 17 || 18 || 19 || 20'
npm warn EBADENGINE   },
npm warn EBADENGINE   current: { node: 'v22.2.0', npm: '10.7.0' }
npm warn EBADENGINE }
npm warn deprecated [email protected]: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm warn deprecated [email protected]: See https://github.com/lydell/source-map-url#deprecated
npm warn deprecated @babel/[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm warn deprecated @babel/[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm warn deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm warn deprecated [email protected]: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-terser
npm warn deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm warn deprecated [email protected]: Please upgrade to consolidate v1.0.0+ as it has been modernized with several long-awaited fixes implemented. Maintenance is supported by Forward Email at https://forwardemail.net ; follow/watch https://github.com/ladjs/consolidate for updates and release changelog
npm warn deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated
npm warn deprecated [email protected]: Use your platform's native performance.now() and performance.timeOrigin.
npm warn deprecated [email protected]: Please use @jridgewell/sourcemap-codec instead
npm warn deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm warn deprecated [email protected]: [email protected]
npm warn deprecated [email protected]: You can find the new Popper v2 at @popperjs/core, this package is dedicated to the legacy v1

added 2200 packages, and audited 2201 packages in 39s

225 packages are looking for funding
  run `npm fund` for details

22 vulnerabilities (1 low, 8 moderate, 12 high, 1 critical)

Is it possible to bump at least the vulnerable versions?
