carmenfan commented 1 year ago

The last bits of library upgrades were included in #3120 - which is going out in 4.28

Once that's in master we should revisit the dependabot alerts to see if there are any other ones worth addressing

Charence commented 1 year ago

backend

[x] https://github.com/3drepo/3drepo.io/security/dependabot/97 Critical
[x] https://github.com/3drepo/3drepo.io/security/dependabot/128 High
- This requires got 12.6.0, but cryptolens uses 11.8.5
- We are already on the latest cryptolens
- @types/http-cache-semantics is on v4.0.1 but http-cache-semantics is on v4.1.1
[x] https://github.com/3drepo/3drepo.io/security/dependabot/126 High
[x] https://github.com/3drepo/3drepo.io/security/dependabot/112 High
- supertest is on 3.4.2, latest is 6.3.3
- This only affects supertest used in v4 tests. Upgrading to next release 4.0.0 resolves this.
- qs@6.5.1 on v6.11.1
[x] https://github.com/3drepo/3drepo.io/security/dependabot/101 High
- ejs 3.1.9 only needs jake 10.8.5, which uses minimatch 3.0.4
- eslint-plugin-node 11.1.0 only needs minimatch 3.0.4
- now using v3.1.2
[x] https://github.com/3drepo/3drepo.io/security/dependabot/92 High
[x] https://github.com/3drepo/3drepo.io/security/dependabot/88 High
[ ] https://github.com/3drepo/3drepo.io/security/dependabot/79 High
- dicer 0.2.5 is used by busboy 0.2.11, which is used with non-lts version of multer
- Upgrading multer to 1.4.5-lts.1 causes problems with error handling of src/v5/middleware/dataConverter/multer.js L83 with error Error: Unexpected end of form
[x] https://github.com/3drepo/3drepo.io/security/dependabot/124 Moderate
[x] https://github.com/3drepo/3drepo.io/security/dependabot/116 Moderate
[x] https://github.com/3drepo/3drepo.io/security/dependabot/114 Moderate
[x] https://github.com/3drepo/3drepo.io/security/dependabot/107 Moderate
[x] https://github.com/3drepo/3drepo.io/security/dependabot/94 Moderate
[x] https://github.com/3drepo/3drepo.io/security/dependabot/85 Moderate
[x] https://github.com/3drepo/3drepo.io/security/dependabot/53 Moderate
- shortid 2.2.16 uses nanoid 2.1.0
- Dependabot hasn't attempted to update nanoid as it's no longer vulnerable.
- Replace shortid with nanoid in src/v4/services/queue.js
[x] https://github.com/3drepo/3drepo.io/security/dependabot/95 Low

frontend

[ ] https://github.com/3drepo/3drepo.io/security/dependabot/102 Critical
- css-loader 6.7.3 uses loader-utils 1.2.3
- html-webpack-plugin 5.5.0 uses loader-utils 1.2.3
- webpack@4 uses 'loader-utils 1.2.3`
[ ] https://github.com/3drepo/3drepo.io/security/dependabot/99 Critical
- see above
[x] https://github.com/3drepo/3drepo.io/security/dependabot/96 Critical
~https://github.com/3drepo/3drepo.io/security/dependabot/127 High~
- formik 1.5.8 uses create-react-context 0.2.2 which uses fbjs 0.8.0 which uses ua-parser-js 0.7.30
- This vulnerability seems to only affect client - will not address
[ ] https://github.com/3drepo/3drepo.io/security/dependabot/123 High
- loader-utils 1.2.3 uses json5 1.0.1
[ ] https://github.com/3drepo/3drepo.io/security/dependabot/121 High
- see above
[ ] https://github.com/3drepo/3drepo.io/security/dependabot/109 High
- see above
[ ] https://github.com/3drepo/3drepo.io/security/dependabot/108 High
- see above
[ ] https://github.com/3drepo/3drepo.io/security/dependabot/105 High
- see above
[ ] https://github.com/3drepo/3drepo.io/security/dependabot/104 High
- see above
[ ] https://github.com/3drepo/3drepo.io/security/dependabot/90 High
- webpack@4 uses this
[ ] https://github.com/3drepo/3drepo.io/security/dependabot/89 High
- see above
[x] https://github.com/3drepo/3drepo.io/security/dependabot/106 Moderate
[ ] https://github.com/3drepo/3drepo.io/security/dependabot/110 Low
- jest 27.5.1 uses this, via micromatch 3.1.10, snapdragon 0.8.2, source-map-resolve 0.5.3
- latest v29.5.0 still uses vulnerable v0.2.0 of decode-uri-component
- query-string 6.2.0 uses this
- v7.1.2 fixes dep for query-string but goes up a major version

Charence commented 1 year ago

Address: https://github.com/3drepo/3drepo.io/pull/4053

Charence commented 1 year ago

backend yarn install warnings:

yarn install v1.22.5
info No lockfile found.
[1/5] Validating package.json...
[2/5] Resolving packages...
warning app-config@1.0.0: You can use https://app-config.dev instead.
warning elastic-apm-node > async-cache@1.1.0: No longer maintained. Use [lru-cache](http://npm.im/lru-cache) version 7.6 or higher, and provide an asynchronous `fetchMethod` option.
warning json2csv@4.3.3: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
warning supertest > superagent@3.8.3: Please upgrade to v7.0.2+ of superagent.  We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing.  See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>.
warning supertest > superagent > formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
[3/5] Fetching packages...
info fsevents@2.3.2: The platform "linux" is incompatible with this module.
info "fsevents@2.3.2" is an optional dependency and failed compatibility check. Excluding it from installation.
[4/5] Linking dependencies...
warning " > connect-mongo@4.6.0" has incorrect peer dependency "mongodb@^4.1.0".
[5/5] Building fresh packages...
success Saved lockfile.
Done in 82.08s.

Charence commented 1 year ago

frontend yarn install warnings:

yarn install v1.22.5
info No lockfile found.
[1/5] Validating package.json...
[2/5] Resolving packages...
warning formik > create-react-context > fbjs > core-js@1.2.7: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
warning react-dropzone > attr-accept > core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
warning react-highlight-words > memoize-one@4.1.0: New custom equality api does not play well with all equality helpers. Please use v5.x
warning react-livechat@1.1.1: Package no longer supported. Please use @livechat/widget-react instead.
warning react-markdown > remark-parse > trim@0.0.1: Use String.prototype.trim() instead
warning react-router > mini-create-react-context@0.4.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
warning react-trello > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning uuidv4 > uuid@3.3.3: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning @formatjs/cli > @vue/compiler-sfc > magic-string > sourcemap-codec@1.4.8: Please use @jridgewell/sourcemap-codec instead
warning @storybook/addon-essentials > @storybook/addon-docs > @storybook/mdx1-csf > @mdx-js/mdx > remark-parse > trim@0.0.1: Use String.prototype.trim() instead
warning @storybook/addon-essentials > @storybook/addon-docs > @storybook/store > stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
warning @storybook/addon-essentials > @storybook/addon-docs > @jest/transform > jest-haste-map > sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
warning @storybook/addon-essentials > @storybook/core-common > webpack > watchpack > watchpack-chokidar2 > chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
warning @storybook/addon-essentials > @storybook/core-common > webpack > watchpack > watchpack-chokidar2 > chokidar > fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning @storybook/addon-essentials > @storybook/core-common > webpack > micromatch > snapdragon > source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
warning @storybook/addon-essentials > @storybook/core-common > webpack > node-libs-browser > url > querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
warning @storybook/addon-essentials > @storybook/core-common > webpack > micromatch > snapdragon > source-map-resolve > resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
warning @storybook/addon-essentials > @storybook/core-common > webpack > micromatch > snapdragon > source-map-resolve > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning @storybook/addon-essentials > @storybook/core-common > webpack > micromatch > snapdragon > source-map-resolve > source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
warning @storybook/builder-webpack5 > stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
warning @storybook/react > @storybook/core > @storybook/core-server > @storybook/builder-webpack4 > stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
warning @storybook/react > @storybook/core > @storybook/core-server > @storybook/manager-webpack4 > terser-webpack-plugin > cacache > @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
warning @storybook/react > @storybook/core > @storybook/core-server > @storybook/manager-webpack4 > webpack-dev-middleware > webpack-log > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
warning cssnano > cssnano-preset-default > postcss-svgo > svgo > stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
warning Resolution field "lodash@4.17.21" is incompatible with requested version "lodash@^3.10.1"
warning jest > @jest/core > jest-runner > jest-environment-jsdom > jsdom > w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
warning redux-saga-test-plan > core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
warning storybook-addon-material-ui5 > react-inspector > babel-runtime > core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
warning stylelint > @stylelint/postcss-css-in-js@0.37.3: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
warning stylelint > @stylelint/postcss-markdown@0.36.2: Use the original unforked package instead: postcss-markdown
[3/5] Fetching packages...
warning Pattern ["@mui/styled-engine@npm:@mui/styled-engine-sc@5.4.2","@mui/styled-engine@^5.11.11"] is trying to unpack in the same destination "/home/charence/.cache/yarn/v6/npm-@mui-styled-engine-5.4.2-2683a960622f3616fa1a7d58e271d16311b374b8-integrity/node_modules/@mui/styled-engine" as pattern ["@mui/styled-engine@npm:@mui/styled-engine-sc@5.4.2"]. This could result in non-deterministic behavior, skipping.
info fsevents@2.3.2: The platform "linux" is incompatible with this module.
info "fsevents@2.3.2" is an optional dependency and failed compatibility check. Excluding it from installation.
info fsevents@1.2.13: The platform "linux" is incompatible with this module.
info "fsevents@1.2.13" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-freebsd-arm64@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-freebsd-arm64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-freebsd-arm64@0.15.18: The CPU architecture "x64" is incompatible with this module.
info esbuild-android-64@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-android-64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-android-arm64@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-android-arm64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-android-arm64@0.15.18: The CPU architecture "x64" is incompatible with this module.
info esbuild-linux-32@0.15.18: The CPU architecture "x64" is incompatible with this module.
info "esbuild-linux-32@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-darwin-arm64@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-darwin-arm64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-darwin-arm64@0.15.18: The CPU architecture "x64" is incompatible with this module.
info esbuild-freebsd-64@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-freebsd-64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-linux-riscv64@0.15.18: The CPU architecture "x64" is incompatible with this module.
info "esbuild-linux-riscv64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-linux-ppc64le@0.15.18: The CPU architecture "x64" is incompatible with this module.
info "esbuild-linux-ppc64le@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-linux-arm@0.15.18: The CPU architecture "x64" is incompatible with this module.
info "esbuild-linux-arm@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-darwin-64@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-darwin-64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-openbsd-64@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-openbsd-64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-netbsd-64@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-netbsd-64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-windows-32@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-windows-32@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-windows-32@0.15.18: The CPU architecture "x64" is incompatible with this module.
info esbuild-linux-mips64le@0.15.18: The CPU architecture "x64" is incompatible with this module.
info "esbuild-linux-mips64le@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-linux-s390x@0.15.18: The CPU architecture "x64" is incompatible with this module.
info "esbuild-linux-s390x@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-windows-arm64@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-windows-arm64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-windows-arm64@0.15.18: The CPU architecture "x64" is incompatible with this module.
info esbuild-linux-arm64@0.15.18: The CPU architecture "x64" is incompatible with this module.
info "esbuild-linux-arm64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-windows-64@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-windows-64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info @esbuild/android-arm@0.15.18: The platform "linux" is incompatible with this module.
info "@esbuild/android-arm@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info @esbuild/android-arm@0.15.18: The CPU architecture "x64" is incompatible with this module.
info @esbuild/linux-loong64@0.15.18: The CPU architecture "x64" is incompatible with this module.
info "@esbuild/linux-loong64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
info esbuild-sunos-64@0.15.18: The platform "linux" is incompatible with this module.
info "esbuild-sunos-64@0.15.18" is an optional dependency and failed compatibility check. Excluding it from installation.
[4/5] Linking dependencies...
warning " > @mui/styled-engine@5.4.2" has incorrect peer dependency "styled-components@^5.3.1".
warning " > @mui/styled-engine@5.4.2" has incorrect peer dependency "styled-components@^5.3.1".
warning " > @mui/x-date-pickers@5.0.3" has unmet peer dependency "@mui/system@^5.4.1".
warning " > @mui/x-date-pickers@5.0.3" has incorrect peer dependency "react@^17.0.2 || ^18.0.0".
warning " > @mui/x-date-pickers@5.0.3" has incorrect peer dependency "react-dom@^17.0.2 || ^18.0.0".
warning " > @webscopeio/react-textarea-autocomplete@4.6.3" has unmet peer dependency "prop-types@^15.0.0".
warning " > @webscopeio/react-textarea-autocomplete@4.6.3" has incorrect peer dependency "react@^16.0.0".
warning " > @webscopeio/react-textarea-autocomplete@4.6.3" has incorrect peer dependency "react-dom@^16.0.0".
warning "formik > create-react-context@0.2.3" has incorrect peer dependency "react@^0.14.0 || ^15.0.0 || ^16.0.0".
warning " > react-custom-scrollbars@4.2.1" has incorrect peer dependency "react@^0.14.0 || ^15.0.0 || ^16.0.0".
warning " > react-custom-scrollbars@4.2.1" has incorrect peer dependency "react-dom@^0.14.0 || ^15.0.0 || ^16.0.0".
warning " > react-event-listener@0.6.6" has incorrect peer dependency "react@^16.3.0".
warning " > react-konva@17.0.2-5" has incorrect peer dependency "konva@^8.0.1 || ^7.2.5".
warning "react-konva > react-reconciler@0.26.2" has incorrect peer dependency "react@^17.0.2".
warning " > react-markdown@4.3.1" has incorrect peer dependency "react@^15.0.0 || ^16.0.0".
warning " > react-trello@2.2.3" has unmet peer dependency "redux-actions@>= 2.6.1".
warning " > react-trello@2.2.3" has unmet peer dependency "redux-logger@>= 3.0.6".
warning "react-trello > react-redux@5.1.2" has incorrect peer dependency "react@^0.14.0 || ^15.0.0-0 || ^16.0.0-0".
warning "react-trello > react-popopo > styled-components@5.3.9" has unmet peer dependency "react-is@>= 16.8.0".
warning " > react-truncate@2.4.0" has unmet peer dependency "prop-types@<= 15.x.x".
warning " > react-truncate@2.4.0" has incorrect peer dependency "react@<= 16.x.x".
warning " > react-virtualized-auto-sizer@1.0.2" has incorrect peer dependency "react@^15.3.0 || ^16.0.0-alpha".
warning " > react-virtualized-auto-sizer@1.0.2" has incorrect peer dependency "react-dom@^15.3.0 || ^16.0.0-alpha".
warning " > react-window@1.8.2" has incorrect peer dependency "react@^15.0.0 || ^16.0.0".
warning " > react-window@1.8.2" has incorrect peer dependency "react-dom@^15.0.0 || ^16.0.0".
warning " > simplebar-react@1.0.0" has incorrect peer dependency "react@^0.14.9 || ^15.3.0 || ^16.0.0-rc || ^16.0".
warning " > simplebar-react@1.0.0" has incorrect peer dependency "react-dom@^0.14.9 || ^15.3.0 || ^16.0.0-rc || ^16.0".
warning " > styled-components@5.3.0" has unmet peer dependency "react-is@>= 16.8.0".
warning " > @mui/styled-engine-sc@5.4.2" has incorrect peer dependency "styled-components@^5.3.1".
warning " > @storybook/react@6.5.16" has unmet peer dependency "require-from-string@^2.0.2".
warning "@storybook/react > react-element-to-jsx-string@14.3.4" has incorrect peer dependency "react@^0.14.8 || ^15.0.1 || ^16.0.0 || ^17.0.1".
warning "@storybook/react > react-element-to-jsx-string@14.3.4" has incorrect peer dependency "react-dom@^0.14.8 || ^15.0.1 || ^16.0.0 || ^17.0.1".
warning " > @typescript-eslint/eslint-plugin@4.33.0" has incorrect peer dependency "@typescript-eslint/parser@^4.0.0".
warning " > cssnano@5.1.7" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default@5.2.14" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-calc@8.2.4" has unmet peer dependency "postcss@^8.2.2".
warning "cssnano > cssnano-preset-default > css-declaration-sorter@6.3.1" has unmet peer dependency "postcss@^8.0.9".
warning "cssnano > cssnano-preset-default > postcss-discard-duplicates@5.1.0" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-discard-comments@5.1.2" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-discard-empty@5.1.1" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-merge-longhand@5.1.7" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-discard-overridden@5.1.0" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-colormin@5.3.1" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-minify-gradients@5.1.1" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-minify-font-values@5.1.0" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-minify-params@5.1.4" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-normalize-charset@5.1.0" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-merge-rules@5.1.4" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-minify-selectors@5.2.1" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-normalize-string@5.1.0" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-normalize-repeat-style@5.1.1" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-normalize-positions@5.1.1" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-convert-values@5.1.3" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > cssnano-utils@3.1.0" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-normalize-unicode@5.1.1" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-normalize-whitespace@5.1.1" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-reduce-transforms@5.1.0" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-normalize-timing-functions@5.1.0" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-normalize-url@5.1.0" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-ordered-values@5.1.3" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-svgo@5.1.0" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-unique-selectors@5.1.1" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-merge-longhand > stylehacks@5.1.1" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-reduce-initial@5.1.2" has unmet peer dependency "postcss@^8.2.15".
warning "cssnano > cssnano-preset-default > postcss-normalize-display-values@5.1.0" has unmet peer dependency "postcss@^8.2.15".
warning "eslint-config-airbnb-typescript > eslint-config-airbnb > eslint-config-airbnb-base@14.2.1" has incorrect peer dependency "eslint-plugin-import@^2.22.1".
warning " > redux-saga-test-plan@4.0.3" has unmet peer dependency "@redux-saga/is@^1.0.1".
warning " > redux-saga-test-plan@4.0.3" has unmet peer dependency "@redux-saga/symbols@^1.0.1".
warning " > storybook-addon-material-ui5@1.0.0" has unmet peer dependency "@storybook/addons@^6.3.12".
warning " > storybook-addon-material-ui5@1.0.0" has unmet peer dependency "prop-types@^15.5.8".
warning "storybook-addon-material-ui5 > react-inspector@2.3.1" has incorrect peer dependency "react@^0.14.0 || ^15.0.0 || ^16.0.0".
warning "storybook-addon-material-ui5 > @usulpro/color-picker@1.1.4" has incorrect peer dependency "react@^0.14.7 || ^15.0.0 || ^16.0.0".
warning " > storybook-addon-styled-component-theme@2.0.0" has unmet peer dependency "@storybook/addons@>=6.1.0".
warning "storybook-addon-styled-component-theme > recompose@0.27.1" has incorrect peer dependency "react@^0.14.0 || ^15.0.0 || ^16.0.0".
warning " > stylelint-config-recommended@2.1.0" has incorrect peer dependency "stylelint@^8.3.0 || ^9.0.0".
[5/5] Building fresh packages...
success Saved lockfile.
Done in 263.24s.

Charence commented 1 year ago

NOTE: if frontend/yarn.lock is removed, the newly generated one by yarn install no longer works.

3drepo / 3drepo.io

Do another sweep at Dependabot alerts after 4.28 #3679

backend

frontend