Security patch 1 - Githubissues

coqui-ai / stt-model-manager

Coqui STT Model Manager - install, manage and try out Coqui STT models from the Model Zoo

https://coqui.ai

Mozilla Public License 2.0

24 stars 17 forks source link

Security patch 1 #46

Closed wasertech closed 2 years ago

CLAassistant commented 2 years ago

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

:white_check_mark: wasertech
:x: snyk-bot
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

wasertech commented 2 years ago

At least the lint passed 😅

wasertech commented 2 years ago

https://webpack.js.org/migrate/5/

wasertech commented 2 years ago

There is always something wrong! Grrrr...

It doesn't even tell me where it's using tapPromise 🙄

Is it related to compiler.hooks[...].tap? 🤔

wasertech commented 2 years ago

❯ make node_deps
yarn install
yarn install v1.22.19
info No lockfile found.
[1/4] Resolving packages...
warning @svgr/webpack > @svgr/plugin-svgo > svgo > stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
warning @testing-library/jest-dom > css > source-map-resolve@0.6.0: See https://github.com/lydell/source-map-resolve#deprecated
warning chai-http > superagent@3.8.3: Please upgrade to v7.0.2+ of superagent.  We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing.  See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>.
warning chai-http > superagent > formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
warning create-react-app > tar-pack > tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > jest-haste-map > fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > micromatch > snapdragon > source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > jest-haste-map > sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > micromatch > snapdragon > source-map-resolve > resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > micromatch > snapdragon > source-map-resolve > urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
warning jest-environment-jsdom-fourteen > @jest/environment > @jest/transform > micromatch > snapdragon > source-map-resolve > source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
warning jest-environment-jsdom-fourteen > jsdom > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
warning jest-environment-jsdom-fourteen > jsdom > request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
warning jest-environment-jsdom-fourteen > jsdom > request > har-validator@5.1.5: this library is no longer supported
warning jest-environment-jsdom-fourteen > jsdom > request > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
[2/4] Fetching packages...
[3/4] Linking dependencies...
warning " > @testing-library/user-event@14.2.3" has unmet peer dependency "@testing-library/dom@>=7.21.4".
warning "@typescript-eslint/eslint-plugin > tsutils@3.21.0" has unmet peer dependency "typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta".
warning " > eslint-plugin-flowtype@8.0.3" has unmet peer dependency "@babel/plugin-syntax-flow@^7.14.5".
warning " > eslint-plugin-flowtype@8.0.3" has unmet peer dependency "@babel/plugin-transform-react-jsx@^7.14.9".
warning " > postcss-flexbugs-fixes@5.0.2" has unmet peer dependency "postcss@^8.1.4".
warning " > postcss-loader@7.0.1" has unmet peer dependency "postcss@^7.0.0 || ^8.0.1".
warning " > postcss-normalize@10.0.1" has unmet peer dependency "browserslist@>= 4".
warning " > postcss-normalize@10.0.1" has unmet peer dependency "postcss@>= 8".
warning "postcss-normalize > postcss-browser-comments@4.0.0" has unmet peer dependency "browserslist@>=4".
warning "postcss-normalize > postcss-browser-comments@4.0.0" has unmet peer dependency "postcss@>=8".
warning " > postcss-preset-env@7.7.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-cascade-layers@1.0.5" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-progressive-custom-properties@1.3.0" has unmet peer dependency "postcss@^8.3".
warning "postcss-preset-env > @csstools/postcss-color-function@1.1.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-ic-unit@1.0.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-trigonometric-functions@1.0.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-stepped-value-functions@1.0.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > css-blank-pseudo@3.0.3" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > autoprefixer@10.4.7" has unmet peer dependency "postcss@^8.1.0".
warning "postcss-preset-env > css-has-pseudo@3.0.4" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > css-prefers-color-scheme@6.0.3" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-attribute-case-insensitive@5.0.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-color-functional-notation@4.2.4" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-unset-value@1.0.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-color-hex-alpha@8.0.4" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > @csstools/postcss-font-format-keywords@1.0.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-color-rebeccapurple@7.1.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-hwb-function@1.0.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-custom-media@8.0.2" has unmet peer dependency "postcss@^8.3".
warning "postcss-preset-env > @csstools/postcss-is-pseudo-class@2.0.7" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-normalize-display-values@1.0.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-custom-properties@12.1.8" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-custom-selectors@6.0.3" has unmet peer dependency "postcss@^8.3".
warning "postcss-preset-env > postcss-dir-pseudo-class@6.0.5" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-double-position-gradients@3.1.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-focus-visible@6.0.4" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-focus-within@5.0.4" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-font-variant@5.0.0" has unmet peer dependency "postcss@^8.1.0".
warning "postcss-preset-env > postcss-env-function@4.0.6" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-gap-properties@3.0.5" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-image-set-function@4.0.7" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-initial@4.0.1" has unmet peer dependency "postcss@^8.0.0".
warning "postcss-preset-env > postcss-lab-function@4.2.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-media-minmax@5.0.0" has unmet peer dependency "postcss@^8.1.0".
warning "postcss-preset-env > postcss-logical@5.0.4" has unmet peer dependency "postcss@^8.4".
warning "postcss-preset-env > postcss-overflow-shorthand@3.0.4" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-page-break@3.0.4" has unmet peer dependency "postcss@^8".
warning "postcss-preset-env > postcss-nesting@10.1.10" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-replace-overflow-wrap@4.0.0" has unmet peer dependency "postcss@^8.0.3".
warning "postcss-preset-env > postcss-place@7.0.5" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-pseudo-class-any-link@7.1.6" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-selector-not@6.0.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-cascade-layers > @csstools/selector-specificity@2.0.2" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > @csstools/postcss-oklab-function@1.1.1" has unmet peer dependency "postcss@^8.2".
warning "postcss-preset-env > postcss-clamp@4.1.0" has unmet peer dependency "postcss@^8.4.6".
warning " > postcss-safe-parser@6.0.0" has unmet peer dependency "postcss@^8.3.3".
warning "react-dev-utils > fork-ts-checker-webpack-plugin@6.5.2" has unmet peer dependency "typescript@>= 2.7".
[4/4] Building fresh packages...
success Saved lockfile.
Done in 64.57s.
❯ make package
yarn install
yarn install v1.22.19
[1/4] Resolving packages...
success Already up-to-date.
Done in 0.49s.
yarn build
yarn run v1.22.19
$ node scripts/build.js
Creating an optimized production build...
Failed to compile.

Cannot read properties of undefined (reading 'tapPromise')

error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
make: *** [Makefile:11 : react_build] Erreur 1

wasertech commented 2 years ago

Closed to #47