buttplugio / buttplug-developer-guide

Moved to docs.buttplug.io repo
https://docs.buttplug.io/

npm install warns of severe vulnerabilities in packages + npm run build fails due to package mismatch; resolved after running "npm audit fix" #42

Open wolfsprite opened 2 years ago

wolfsprite commented 2 years ago

Ran:

git clone https://github.com/buttplugio/buttplug-developer-guide.git
cd .\buttplug-developer-guide\
npm install

which resulted in:

npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated buffer@4.9.1: This version of 'buffer' is out-of-date. You must update to v4.9.2 or newer
npm WARN deprecated ini@1.3.5: Please update to ini >=1.3.6 to avoid a prototype pollution issue
npm WARN deprecated domelementtype@1.3.0: update to domelementtype@1.3.1
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated set-value@2.0.0: Critical bug fixed in v3.0.1, please upgrade to the latest version.
npm WARN deprecated source-map-url@0.4.0: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated har-validator@5.1.3: this library is no longer supported
npm WARN deprecated source-map-resolve@0.5.2: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated request@2.88.0: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated set-value@0.4.3: Critical bug fixed in v3.0.1, please upgrade to the latest version.
npm WARN deprecated mkdirp@0.3.0: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)

added 1192 packages, and audited 1193 packages in 56s

41 packages are looking for funding
  run `npm fund` for details

55 vulnerabilities (2 low, 25 moderate, 26 high, 2 critical)

To address issues that do not require attention, run:
  npm audit fix

It is also worth noting that after having run npm install, I attempted npm run build, which resulted in this error:

> buttplug-developer-guide@0.1.0 build
> vuepress build developer-guide

A:\World\Code\Repositories\buttplug-developer-guide\node_modules\vue-server-renderer\index.js:8
  throw new Error(
  ^

Error:

Vue packages version mismatch:

- vue@2.6.14
- vue-server-renderer@2.6.12

This may cause things to work incorrectly. Make sure to use the same version for both.

    at Object.<anonymous> (A:\World\Code\Repositories\buttplug-developer-guide\node_modules\vue-server-renderer\index.js:8:9)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Module.require (node:internal/modules/cjs/loader:1005:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (A:\World\Code\Repositories\buttplug-developer-guide\node_modules\@vuepress\core\lib\node\build\index.js:11:34)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Module.require (node:internal/modules/cjs/loader:1005:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (A:\World\Code\Repositories\buttplug-developer-guide\node_modules\@vuepress\core\lib\node\App.js:21:22)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)

Running npm audit fix (as suggested by the npm install output) resulted in 77 vulnerabilities (62 moderate, 15 high) (more overall vulnerabilities, but fewer high and 0 critical). Also, after performing npm audit fix, npm run build successfully worked:

> buttplug-developer-guide@0.1.0 build
> vuepress build developer-guide

wait Extracting site metadata...
tip Apply theme @vuepress/theme-default ...
tip Apply plugin container (i.e. "vuepress-plugin-container") ...
tip Apply plugin @vuepress/register-components (i.e. "@vuepress/plugin-register-components") ...
tip Apply plugin @vuepress/active-header-links (i.e. "@vuepress/plugin-active-header-links") ...
tip Apply plugin @vuepress/search (i.e. "@vuepress/plugin-search") ...
tip Apply plugin @vuepress/nprogress (i.e. "@vuepress/plugin-nprogress") ...
tip Apply plugin matomo (i.e. "vuepress-plugin-matomo") ...
tip Apply plugin @vuepress/back-to-top (i.e. "@vuepress/plugin-back-to-top") ...
tip Apply plugin code-switcher (i.e. "vuepress-plugin-code-switcher") ...

√ Client
  Compiled successfully in 6.31s

√ Server
  Compiled successfully in 4.04s

wait Rendering static HTML...
success Generated static files in developer-guide\.vuepress\dist.

wolfsprite commented 2 years ago

I'm not sure what the process would be to get this fixed in the repo itself, but I did hope to help by detailing the issue I was having and how I resolved it on my end.
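
The two audit summaries quoted in this issue differ in total and in severity mix, so a comparison by severity says more than the totals do. The following is an added example, not code from the issue or from the project: it parses npm's summary line and diffs the two results; the function names and the gate threshold are assumptions made for illustration.

```javascript
// Added example (not from the issue or the project): compare npm audit
// summary lines by severity instead of by total count.
const SEVERITIES = ["low", "moderate", "high", "critical"];

// Parse a line such as "55 vulnerabilities (2 low, 25 moderate, 26 high, 2 critical)".
// Severities that npm omits from the line are counted as 0.
function parseAuditSummary(line) {
  const m = /(\d+)\s+vulnerabilit(?:y|ies)\s*\(([^)]*)\)/.exec(line);
  if (!m) return null;
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  for (const part of m[2].split(",")) {
    const p = /^\s*(\d+)\s+(low|moderate|high|critical)\s*$/.exec(part);
    if (!p) throw new Error(`unrecognised severity entry: "${part.trim()}"`);
    counts[p[2]] = Number(p[1]);
  }
  const total = Number(m[1]);
  const sum = SEVERITIES.reduce((n, s) => n + counts[s], 0);
  // A mismatch means the line was truncated or the format changed.
  if (sum !== total) throw new Error(`summary total ${total} != breakdown ${sum}`);
  return { total, ...counts };
}

// Per-severity change (after - before), plus the change in the total.
function diffAudit(before, after) {
  const delta = { total: after.total - before.total };
  for (const s of SEVERITIES) delta[s] = after[s] - before[s];
  return delta;
}

// Hypothetical gate policy: fail when any finding at or above `threshold` remains.
function failsGate(summary, threshold = "high") {
  const from = SEVERITIES.indexOf(threshold);
  if (from < 0) throw new Error(`unknown severity: ${threshold}`);
  return SEVERITIES.slice(from).some((s) => summary[s] > 0);
}

// Sample input: the two summary lines quoted in the issue above.
const before = parseAuditSummary("55 vulnerabilities (2 low, 25 moderate, 26 high, 2 critical)");
const after = parseAuditSummary("77 vulnerabilities (62 moderate, 15 high)");
console.log(diffAudit(before, after));
console.log("critical gate:", failsGate(before, "critical"), "->", failsGate(after, "critical"));
console.log("high gate:", failsGate(before), "->", failsGate(after));
```
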