aaronksaunders / ionic4-sidemenu-auth

Building a Basic Ionic 4 Login Flow with Angular Router & Side Menu UI

security: found 498 vulnerabilities (2 low, 4 moderate, 492 high) #8

Closed peterennis closed 4 years ago

peterennis commented 4 years ago

added 7 packages from 3 contributors, updated 3 packages and audited 53225 packages in 26.592s
found 498 vulnerabilities (2 low, 4 moderate, 492 high)
  run `npm audit fix` to fix them, or `npm audit` for details

C:\ae\ionic4-sidemenu-auth>npm audit fix

> core-js@3.2.1 postinstall C:\ae\ionic4-sidemenu-auth\node_modules\@angular-devkit\build-angular\node_modules\core-js
> node scripts/postinstall || echo "ignore"

Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!

The project needs your help! Please consider supporting of core-js on Open Collective or Patreon:
> https://opencollective.com/core-js
> https://www.patreon.com/zloirock

Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)

npm WARN @ionic/angular@4.11.7 requires a peer of @angular-devkit/core@7.2.1 - 8 but none is installed. You must install peer dependencies yourself.
npm WARN @ionic/angular@4.11.7 requires a peer of @angular-devkit/schematics@7.2.1 - 8 but none is installed. You must install peer dependencies yourself.
npm WARN @ionic/ng-toolkit@1.1.0 requires a peer of @angular-devkit/architect@0.9.0-beta.3 but none is installed. You must install peer dependencies yourself.
npm WARN @ionic/ng-toolkit@1.1.0 requires a peer of @angular-devkit/build-angular@0.9.0-beta.3 but none is installed. You must install peer dependencies yourself.
npm WARN @ionic/ng-toolkit@1.1.0 requires a peer of @angular-devkit/core@0.9.0-beta.3 but none is installed. You must install peer dependencies yourself.
npm WARN @ionic/ng-toolkit@1.1.0 requires a peer of @angular-devkit/schematics@0.9.0-beta.3 but none is installed. You must install peer dependencies yourself.
npm WARN @ionic/schematics-angular@1.0.7 requires a peer of @angular-devkit/core@0.9.0-beta.3 but none is installed. You must install peer dependencies yourself.
npm WARN @ionic/schematics-angular@1.0.7 requires a peer of @angular-devkit/schematics@0.9.0-beta.3 but none is installed. You must install peer dependencies yourself.
npm WARN codelyzer@4.4.4 requires a peer of @angular/compiler@>=2.3.1 <7.0.0 || >6.0.0-beta <7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN codelyzer@4.4.4 requires a peer of @angular/core@>=2.3.1 <7.0.0 || >6.0.0-beta <7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @angular-devkit/build-angular@0.803.21 requires a peer of @angular/compiler-cli@^8.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ngtools/webpack@8.3.21 requires a peer of @angular/compiler-cli@^8.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN @ngtools/webpack@8.3.21 requires a peer of typescript@>=3.4 < 3.6 but none is installed. You must install peer dependencies yourself.
npm WARN ajv-keywords@3.4.1 requires a peer of ajv@^6.9.1 but none is installed. You must install peer dependencies yourself.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.8 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.8: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

+ @angular-devkit/build-angular@0.803.21
added 333 packages from 113 contributors, removed 39 packages, updated 127 packages and moved 23 packages in 86.596s

20 packages are looking for funding
  run `npm fund` for details

fixed 496 of 498 vulnerabilities in 53225 scanned packages
  2 package updates for 2 vulnerabilities involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)

C:\ae\ionic4-sidemenu-auth>

peterennis commented 4 years ago

The fix causes test to fail:

C:\ae\ionic4-sidemenu-auth>npm test

> sidemenu-auth@0.0.1 test C:\ae\ionic4-sidemenu-auth
> ng test

Schema validation failed with the following errors:
  Data path ".builders['app-shell']" should have required property 'class'.
Error: Schema validation failed with the following errors:
  Data path ".builders['app-shell']" should have required property 'class'.
    at MergeMapSubscriber.project (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\@angular-devkit\core\src\workspace\workspace.js:215:42)
    at MergeMapSubscriber._tryNext (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\operators\mergeMap.js:69:27)
    at MergeMapSubscriber._next (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\operators\mergeMap.js:59:18)
    at MergeMapSubscriber.Subscriber.next (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\Subscriber.js:67:18)
    at MergeMapSubscriber.notifyNext (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\operators\mergeMap.js:92:26)
    at InnerSubscriber._next (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\InnerSubscriber.js:28:21)
    at InnerSubscriber.Subscriber.next (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\Subscriber.js:67:18)
    at MapSubscriber._next (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\operators\map.js:55:26)
    at MapSubscriber.Subscriber.next (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\Subscriber.js:67:18)
    at SwitchMapSubscriber.notifyNext (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\operators\switchMap.js:86:26)
    at InnerSubscriber._next (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\InnerSubscriber.js:28:21)
    at InnerSubscriber.Subscriber.next (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\Subscriber.js:67:18)
    at C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\util\subscribeTo.js:17:28
    at Object.subscribeToResult (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\util\subscribeToResult.js:10:45)
    at SwitchMapSubscriber._innerSub (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\operators\switchMap.js:65:54)
    at SwitchMapSubscriber._next (C:\ae\ionic4-sidemenu-auth\node_modules\@angular\cli\node_modules\rxjs\internal\operators\switchMap.js:55:14)
npm ERR! Test failed.  See above for more details.

C:\ae\ionic4-sidemenu-auth>

peterennis commented 4 years ago

upgrade deps to A8 etc.

npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

added 90 packages from 60 contributors, removed 77 packages, updated 107 packages, moved 6 packages and audited 23154 packages in 91.179s

23 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

C:\ae\ionic4-sidemenu-auth>

This resolves the security issues but there are breaking changes with Ionic as it now uses CSS by default instead of SCSS.

peterennis commented 4 years ago

ERROR in ./src/polyfills.ts
Module not found: Error: Can't resolve 'core-js/es7/reflect' in 'C:\ae\ionic4-sidemenu-auth\src'
resolve 'core-js/es7/reflect' in 'C:\ae\ionic4-sidemenu-auth\src'
  Parsed request is a module

peterennis commented 4 years ago

fix reflect issue and test results are:

Capture775

peterennis commented 4 years ago

ionic g page aaaa

An unhandled exception occurred: Could not find module "@ionic/angular-toolkit"

aaronksaunders commented 4 years ago

First off, thanks for taking a look at my work; however, not sure why you are logging these issues here? If you forked the repo and you are running into issues, once you identify the resolution, I am more than happy to merge the PR.

This project is pretty old and needs to be updated, and you cannot update it by just running the audit and updating all of the packages.

peterennis commented 4 years ago

Hi, I am working on the PR, so these are just notes to track fixes related to the security problems. As you suggest, I am using the default build from ionic for comparison and if I run into a wall I will take it upstream.

aaronksaunders commented 4 years ago

@peterennis I have updated the repo, removed all audit issues, and the basic tests all pass 👍🏾

On Sun, Dec 29, 2019 at 4:29 PM peterennis notifications@github.com wrote:

Hi, I am working on the PR, so these are just notes to track fixes related to the security problems. As you suggest, I am using the default build from ionic for comparison and if I run into a wall I will take it upstream.


peterennis commented 4 years ago

That was quick 😄 I got to here: Capture776 and learned a bunch. Thanks

aaronksaunders commented 4 years ago

@peterennis I needed to update it, your issues gave me the motivation... I just created a new project with the correct dependencies and then moved over the base source file and tweaked it from there.

We have been working with Ionic since the first version and have had to update multiple projects recently; this is the most efficient process.
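
The thread above turns on the split between fixes `npm audit fix` applies on its own and fixes that need `--force`. The following added example (not part of the original thread or of the repository) triages an `npm audit --json` report into those groups before anything is installed. It assumes the npm 7+ report format (`auditReportVersion: 2`), which is newer than the npm output shown in the thread; the sample report and its package names are constructed placeholders.

```javascript
// Triage an `npm audit --json` report (npm 7+, auditReportVersion 2) before
// running `npm audit fix`, separating in-range fixes from breaking ones.

// Constructed sample report; package names and versions are placeholders.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    'build-tool-x': { name: 'build-tool-x', severity: 'high', isDirect: true,
      fixAvailable: { name: 'build-tool-x', version: '2.0.0', isSemVerMajor: true } },
    'glob-helper-y': { name: 'glob-helper-y', severity: 'high', isDirect: false,
      fixAvailable: true },
    'parser-z': { name: 'parser-z', severity: 'moderate', isDirect: false,
      fixAvailable: { name: 'build-tool-x', version: '2.0.0', isSemVerMajor: true } },
    'legacy-w': { name: 'legacy-w', severity: 'low', isDirect: true,
      fixAvailable: false },
  },
};

function triageAudit(report) {
  if (!report || report.auditReportVersion !== 2 || !report.vulnerabilities) {
    throw new Error('expected npm 7+ audit JSON (auditReportVersion 2)');
  }
  const plan = { inRange: [], breaking: {}, noFix: [] };
  for (const vuln of Object.values(report.vulnerabilities)) {
    const fix = vuln.fixAvailable;
    const kind = vuln.isDirect ? 'direct' : 'transitive';
    const entry = `${vuln.name} (${vuln.severity}, ${kind})`;
    if (fix === false) {
      plan.noFix.push(entry);      // nothing npm can install for this one
    } else if (fix === true || !fix.isSemVerMajor) {
      plan.inRange.push(entry);    // applied by plain `npm audit fix`
    } else {
      // Needs `--force`: group by the package that must take a major bump.
      const key = `${fix.name}@${fix.version}`;
      (plan.breaking[key] = plan.breaking[key] || []).push(entry);
    }
  }
  return plan;
}

const plan = triageAudit(sampleReport);
console.log('Applied by `npm audit fix`:', plan.inRange);
for (const [upgrade, resolves] of Object.entries(plan.breaking)) {
  console.log(`Breaking upgrade ${upgrade} resolves:`, resolves);
}
console.log('No fix available:', plan.noFix);
```

As the thread shows, even the updates applied without `--force` can break the build, so run the test suite after each group rather than after the whole batch.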