day8 / re-frame

A ClojureScript framework for building user interfaces, leveraging React
http://day8.github.io/re-frame/
MIT License
5.4k stars 715 forks

[Bug]: fix examples projects lockfiles warning #768

Closed j4m3s-s closed 11 months ago

j4m3s-s commented 1 year ago

What happened?

Running npm install in the examples directory changes the lockfile since the old lockfile is not supported anymore.

There are warnings about deprecated libraries used as well as security vulnerabilities in locked dependencies.

Relevant npm install output in simple/

Version

current master at time of writing

What runtimes are you seeing the problem on?

Node.js

Relevant console output

npm WARN old lockfile 
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile 
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile 
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated date-format@3.0.0: 3.x is no longer supported. Please upgrade to 4.x or higher.
npm WARN deprecated date-format@2.1.0: 2.x is no longer supported. Please upgrade to 4.x or higher.
npm WARN deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated
npm WARN deprecated streamroller@2.2.4: 2.x is no longer supported. Please upgrade to 3.x or higher.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142

added 295 packages, and audited 296 packages in 15s

12 packages are looking for funding
  run `npm fund` for details

10 vulnerabilities (2 moderate, 4 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues, run:
  npm audit fix --force

Run `npm audit` for details.

kimo-k commented 11 months ago

Lockfiles & critical vulnerabilities are fixed.

Some moderate vulnerabilities remain, but we can't fully solve them without replacing karma with a new test runner. I'm not sure how complex that task is, but we're looking into it.

kimo-k commented 11 months ago

Fixed all remaining vulnerabilities.
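
An added example, not part of the original thread or the re-frame project: a Node.js check that parses `npm install` output of the form quoted in the issue and lists what would block a CI run. The function names, the `failOn` default and the choice of excerpt are assumptions for illustration.

```javascript
// Added example (not from the thread): summarise `npm install` output.
// SAMPLE is an excerpt of the output quoted in the issue; function names are hypothetical.
const SAMPLE = [
  'npm WARN old lockfile The package-lock.json file was created with an old version of npm,',
  'npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.',
  'npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142',
  'added 295 packages, and audited 296 packages in 15s',
  '10 vulnerabilities (2 moderate, 4 high, 4 critical)',
].join('\n');

function summarizeNpmInstall(output) {
  const summary = { oldLockfile: false, deprecated: [], vulnerabilities: null };
  for (const line of output.split(/\r?\n/)) {
    // The "npm WARN" prefix is matched case-insensitively.
    if (/^npm warn old lockfile/i.test(line)) summary.oldLockfile = true;
    // The name may be scoped (@scope/pkg), so only a leading "@" is allowed in it.
    const dep = /^npm warn deprecated (@?[^@\s]+)@([^:\s]+): (.*)$/i.exec(line);
    if (dep) summary.deprecated.push({ name: dep[1], version: dep[2], message: dep[3].trim() });
    if (/^found 0 vulnerabilities/.test(line)) summary.vulnerabilities = { total: 0, bySeverity: {} };
    // Summary line in the form shown in the issue: "N vulnerabilities (a moderate, b high, ...)".
    const vul = /^(\d+) vulnerabilit(?:y|ies) \(([^)]*)\)/.exec(line);
    if (vul) {
      const bySeverity = {};
      for (const part of vul[2].split(',')) {
        const m = /^\s*(\d+) (\w+)\s*$/.exec(part);
        if (m) bySeverity[m[2]] = Number(m[1]);
      }
      summary.vulnerabilities = { total: Number(vul[1]), bySeverity };
    }
  }
  return summary;
}

// Returns the reasons a build should fail; an empty array means the gate passes.
function gate(summary, failOn = ['high', 'critical']) {
  const reasons = [];
  if (summary.oldLockfile) reasons.push('lockfile was written by an old npm and will be rewritten on install');
  if (summary.vulnerabilities === null) {
    reasons.push('no audit summary found in output');
  } else {
    for (const sev of failOn) {
      const n = summary.vulnerabilities.bySeverity[sev] || 0;
      if (n > 0) reasons.push(`${n} ${sev} vulnerabilities in locked dependencies`);
    }
  }
  return reasons;
}

console.log(gate(summarizeNpmInstall(SAMPLE)));
```
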