search

certat / do-portal

This project is in maintenance mode and will only receive bug fixes, but no new features. A new version of this software is being developed.
5 stars 5 forks source link

customer-portal: npm deprecation errors and warnings #44

Open ghost opened 5 years ago

ghost commented 5 years ago 
cp-server@cp-aec:~/customer-portal$ https_proxy=http://proxy.cert.at:8080 npm install
npm WARN deprecated grunt-filerev@2.3.1: Deprecated
npm WARN engine karma-jasmine@1.1.2: wanted: {"node":">= 4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine grunt-ssh-deploy@0.4.1: wanted: {"node":">= 0.12.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN deprecated bower@1.8.4: We don't recommend using Bower for new projects. Please consider Yarn and Webpack or Parcel. You can read how to migrate legacy project here: https://bower.io/blog/2017/how-to-migrate-away-from-bower/
npm WARN engine imagemin@4.0.0: wanted: {"node":">=0.10.0","npm":">=2.1.5"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine gulp-rename@1.4.0: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN deprecated connect@2.30.2: connect 2.x series is deprecated
npm WARN engine request@2.88.0: wanted: {"node":">= 4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated coffee-script@1.3.3: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated bower@1.3.12: We don't recommend using Bower for new projects. Please consider Yarn and Webpack or Parcel. You can read how to migrate legacy project here: https://bower.io/blog/2017/how-to-migrate-away-from-bower/
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated browserslist@0.4.0: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN engine har-validator@5.1.0: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine form-data@2.3.3: wanted: {"node":">= 0.12"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine har-schema@2.0.0: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine mime@1.6.0: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine http-proxy@1.17.0: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine deep-extend@0.6.0: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine esprima@4.0.1: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine deep-extend@0.6.0: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine deep-extend@0.6.0: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN optional dep failed, continuing fsevents@1.2.4
npm WARN engine deep-extend@0.6.0: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine deep-extend@0.6.0: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine deep-extend@0.6.0: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine ret@0.1.15: wanted: {"node":">=0.12"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine ret@0.1.15: wanted: {"node":">=0.12"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine follow-redirects@1.5.9: wanted: {"node":">=4.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine atob@2.1.2: wanted: {"node":">= 4.5.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated tough-cookie@0.12.1: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
npm WARN deprecated npmconf@2.1.3: this package has been reintegrated into npm and is now out of date with respect to npm
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN engine punycode@2.1.1: wanted: {"node":">=6"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine esprima@4.0.1: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN deprecated minimatch@1.0.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated hoek@0.9.1: The major version is no longer supported. Please update to 4.x or newer
npm WARN engine esprima@4.0.1: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine co@4.6.0: wanted: {"iojs":">= 1.0.0","node":">= 0.12.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
[...]

cp-server@cp-aec:~/customer-portal$ https_proxy=http://proxy.cert.at:8080 npm install grunt-cli
npm WARN engine grunt-cli@1.3.1: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine ret@0.1.15: wanted: {"node":">=0.12"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine ret@0.1.15: wanted: {"node":">=0.12"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine atob@2.1.2: wanted: {"node":">= 4.5.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
grunt-cli@1.3.1 node_modules/grunt-cli
├── grunt-known-options@1.1.1
├── interpret@1.1.0
├── v8flags@3.0.2 (homedir-polyfill@1.0.1)
├── nopt@4.0.1 (abbrev@1.1.1, osenv@0.1.5)
└── liftoff@2.5.0 (flagged-respawn@1.0.0, rechoir@0.6.2, extend@3.0.2, is-plain-object@2.0.4, object.map@1.0.1, fined@1.1.0, resolve@1.8.1, findup-sync@2.0.0)
cp-server@cp-aec:~/customer-portal$ https_proxy=http://proxy.cert.at:8080 npm install bower
npm WARN deprecated bower@1.8.4: We don't recommend using Bower for new projects. Please consider Yarn and Webpack or Parcel. You can read how to migrate legacy project here: https://bower.io/blog/2017/how-to-migrate-away-from-bower/
bower@1.8.4 node_modules/bower
davewood commented 5 years ago

found 102 vulnerabilities (51 low, 31 moderate, 20 high) in 9674 scanned packages run npm audit fix to fix 1 of them. 97 vulnerabilities require semver-major dependency updates. 4 vulnerabilities require manual review. See the full report for details.

grunt 1.0.4

found 83 vulnerabilities (46 low, 20 moderate, 17 high) in 9869 scanned packages run npm audit fix to fix 1 of them. 78 vulnerabilities require semver-major dependency updates. 4 vulnerabilities require manual review. See the full report for details.

npm WARN deprecated bower@1.8.8: We don't recommend using Bower for new projects. Please consider Yarn and Webpack or Parcel. You can read how to migrate legacy project here: https://bower.io/blog/2017/how-to-migrate-away-from-bower/ npm WARN grunt-contrib-clean@0.6.0 requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself. npm WARN grunt-contrib-connect@0.9.0 requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself. npm WARN grunt-contrib-copy@0.7.0 requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself. npm WARN grunt-contrib-uglify@0.7.0 requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself. npm WARN grunt-contrib-watch@0.6.1 requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself. npm WARN grunt-jscs@1.8.0 requires a peer of grunt@~0.4.2 but none is installed. You must install peer dependencies yourself. npm WARN grunt-ng-annotate@0.9.2 requires a peer of grunt@~0.4.1 but none is installed. You must install peer dependencies yourself. npm WARN grunt-wiredep@2.0.0 requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself. npm WARN jit-grunt@0.9.1 requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself.

found 82 vulnerabilities (45 low, 20 moderate, 17 high) in 10839 scanned packages 78 vulnerabilities require semver-major dependency updates. 4 vulnerabilities require manual review. See the full report for details.

"grunt-jscs": "^3.0.1",

found 85 vulnerabilities (47 low, 23 moderate, 15 high) in 10884 scanned packages 72 vulnerabilities require semver-major dependency updates. 13 vulnerabilities require manual review. See the full report for details.

grunt-contrib-watch": "^1.1.0

found 76 vulnerabilities (44 low, 21 moderate, 11 high) in 10906 scanned packages 63 vulnerabilities require semver-major dependency updates. 13 vulnerabilities require manual review. See the full report for details.

grunt-svgmin": "^5.0.0 (6.0.0 ui-tests dont pass)

found 75 vulnerabilities (44 low, 20 moderate, 11 high) in 10906 scanned packages 62 vulnerabilities require semver-major dependency updates. 13 vulnerabilities require manual review. See the full report for details.

"grunt-contrib-uglify": "^4.0.1",

found 72 vulnerabilities (42 low, 19 moderate, 11 high) in 10812 scanned packages 59 vulnerabilities require semver-major dependency updates. 13 vulnerabilities require manual review. See the full report for details.

grunt-contrib-htmlmin": "^3.0.0

found 68 vulnerabilities (39 low, 19 moderate, 10 high) in 10676 scanned packages 55 vulnerabilities require semver-major dependency updates. 13 vulnerabilities require manual review. See the full report for details.

"grunt-contrib-jshint": "^2.1.0",

found 63 vulnerabilities (37 low, 18 moderate, 8 high) in 10692 scanned packages 50 vulnerabilities require semver-major dependency updates. 13 vulnerabilities require manual review. See the full report for details.

davewood commented 5 years ago

grunt-contrib-imagemin": "^3.1.0

found 40 vulnerabilities (21 low, 11 moderate, 8 high) in 5469 scanned packages 27 vulnerabilities require semver-major dependency updates. 13 vulnerabilities require manual review. See the full report for details.

grunt-contrib-connect": "^2.0.0

portal-frontend         | Running "watch" task
portal-frontend         | Waiting...
portal-frontend         | (node:16) UnhandledPromiseRejectionWarning: Error: Exited with code 3
portal-frontend         |     at ChildProcess.cp.once.code (/home/cert/customer-portal/node_modules/opn/index.js:85:13)
portal-frontend         |     at Object.onceWrapper (events.js:317:30)
portal-frontend         |     at emitTwo (events.js:126:13)
portal-frontend         |     at ChildProcess.emit (events.js:214:7)
portal-frontend         |     at maybeClose (internal/child_process.js:915:16)
portal-frontend         |     at Socket.stream.socket.on (internal/child_process.js:336:11)
portal-frontend         |     at emitOne (events.js:116:13)
portal-frontend         |     at Socket.emit (events.js:211:7)
portal-frontend         |     at Pipe._handle.close [as _onclose] (net.js:561:12)
portal-frontend         |
portal-frontend         | (node:16) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
portal-frontend         | (node:16) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

found 23 vulnerabilities (12 low, 9 moderate, 2 high) in 5440 scanned packages 10 vulnerabilities require semver-major dependency updates. 13 vulnerabilities require manual review. See the full report for details.

grunt-angular-templates": "^1.1.0

found 20 vulnerabilities (10 low, 9 moderate, 1 high) in 5465 scanned packages 6 vulnerabilities require semver-major dependency updates. 14 vulnerabilities require manual review. See the full report for details.

grunt-ng-annotate": "^3.0.0

found 18 vulnerabilities (9 low, 8 moderate, 1 high) in 5464 scanned packages 4 vulnerabilities require semver-major dependency updates. 14 vulnerabilities require manual review. See the full report for details.

davewood commented 5 years ago

grunt-wiredep": "^3.0.1

found 15 vulnerabilities (8 low, 7 moderate) in 5475 scanned packages 1 vulnerability requires semver-major dependency updates. 14 vulnerabilities require manual review. See the full report for details.

grunt-contrib-cssmin": "^3.0.0

found 14 vulnerabilities (7 low, 7 moderate) in 5386 scanned packages 14 vulnerabilities require manual review. See the full report for details.

ghost commented 5 years ago

Current:

found 17 vulnerabilities (7 low, 8 moderate, 2 high)
  run `npm audit fix` to fix them, or `npm audit` for details
certrik commented 4 years ago

@davewood if easily fixed please stay on track resolving security issues.