errata-ai / vale-action

:octocat: The official GitHub Action for Vale -- install, manage, and run Vale with ease.
MIT License

Several npm warnings in build #104

Closed StevenMaude closed 1 year ago

StevenMaude commented 1 year ago

These occur with the latest commit at time of writing: d074f98809cbae059386851971544a281fd9f593

And seem to be caused by several outdated dependencies:

  Step 5/11 : RUN npm install --production
   ---> Running in 126305f2a940
  npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
  npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
  npm WARN deprecated @zeit/ncc@0.22.3: @zeit/ncc is no longer maintained. Please use @vercel/ncc instead.
  npm WARN deprecated har-validator@5.1.5: this library is no longer supported
  npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
  npm WARN deprecated fsevents@1.2.13: The v1 package contains DANGEROUS / INSECURE binaries. Upgrade to safe fsevents v2
  npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
  npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
  npm WARN deprecated left-pad@1.3.0: use String.prototype.padStart()
  npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
  npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
  npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
  npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
  npm notice created a lockfile as package-lock.json. You should commit this file.
  npm WARN notsup Unsupported engine for ts-jest@29.1.1: wanted: {"node":"^14.15.0 || ^16.10.0 || >=18.0.0"} (current: {"node":"10.24.1","npm":"6.14.12"})
  npm WARN notsup Not compatible with your version of node/npm: ts-jest@29.1.1
  npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.2.7 (node_modules/jest-haste-map/node_modules/fsevents):
  npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.13: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
  npm WARN notsup Unsupported engine for jest-util@29.6.2: wanted: {"node":"^14.15.0 || ^16.10.0 || >=18.0.0"} (current: {"node":"10.24.1","npm":"6.14.12"})
  npm WARN notsup Not compatible with your version of node/npm: jest-util@29.6.2
  npm WARN notsup Unsupported engine for yargs-parser@21.1.1: wanted: {"node":">=12"} (current: {"node":"10.24.1","npm":"6.14.12"})
  npm WARN notsup Not compatible with your version of node/npm: yargs-parser@21.1.1
  npm WARN notsup Unsupported engine for @jest/types@29.6.1: wanted: {"node":"^14.15.0 || ^16.10.0 || >=18.0.0"} (current: {"node":"10.24.1","npm":"6.14.12"})
  npm WARN notsup Not compatible with your version of node/npm: @jest/types@29.6.1
  npm WARN notsup Unsupported engine for @jest/schemas@29.6.0: wanted: {"node":"^14.15.0 || ^16.10.0 || >=18.0.0"} (current: {"node":"10.24.1","npm":"6.14.12"})
  npm WARN notsup Not compatible with your version of node/npm: @jest/schemas@29.6.0
  npm WARN ts-jest@29.1.1 requires a peer of jest@^29.0.0 but none is installed. You must install peer dependencies yourself.
  npm WARN ts-jest@29.1.1 requires a peer of typescript@>=4.3 <6 but none is installed. You must install peer dependencies yourself.

  added 148 packages from 147 contributors and audited 628 packages in 17.66s

  8 packages are looking for funding
    run `npm fund` for details

  found 19 moderate severity vulnerabilities
    run `npm audit fix` to fix them, or `npm audit` for details

The fsevents warning is particularly bad :warning::

  npm WARN deprecated fsevents@1.2.13: The v1 package contains DANGEROUS / INSECURE binaries. Upgrade to safe fsevents v2

It's not obvious to the reader what this is about. Quick searching doesn't give an easy answer, and I had to really dig through the repository's issues and release notes to actually discover what happened here. The issue alluded to is described in the fsevents release notes for v1.2.11:

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

and this issue comment:

Everyone should really update to v2. We don’t have access to the AWS where 1.2.9 binaries are stored, which means you could be downloading malware / trojans. V2 doesn’t store binaries in aws.

Fortunately, I don't think fsevents installs, only because it's optional.

But it's an alarming message nonetheless.
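As an added illustration (not code from this issue or from vale-action), here is a small CI gate that parses the `npm WARN deprecated <pkg>@<version>: <message>` lines npm 6 prints in the log above and fails the build when a deprecation message signals a safety problem rather than mere age, so a warning like the fsevents one cannot scroll past unnoticed. The keyword list is an assumption to be tuned per project; the sample log is constructed from lines in the build output quoted above.

```python
"""Parse `npm install` output and fail on security-flavoured deprecations.

Added example for this issue, not part of vale-action. Targets the
`npm WARN deprecated <pkg>@<ver>: <message>` line format seen in npm 6 logs.
"""
import re
from typing import Dict, List

# Scoped packages (@zeit/ncc) keep their leading "@"; the version follows the last "@".
DEPRECATED_RE = re.compile(
    r"^\s*npm WARN deprecated (?P<pkg>@?[^@\s]+)@(?P<ver>\S+): (?P<msg>.*)$"
)
# Assumed list of phrases maintainers use when a deprecation is about safety, not age.
RISK_WORDS = ("insecure", "dangerous", "malware", "trojan", "vulnerab", "math.random")


def parse_deprecations(log: str) -> List[Dict[str, str]]:
    """Return one {pkg, ver, msg} record per `npm WARN deprecated` line."""
    return [m.groupdict() for line in log.splitlines() if (m := DEPRECATED_RE.match(line))]


def risky(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Keep only deprecations whose message mentions a security concern."""
    return [r for r in records if any(w in r["msg"].lower() for w in RISK_WORDS)]


def gate(log: str) -> int:
    """CI exit code: 0 when no risky deprecation is present, else 1 (hits are printed)."""
    hits = risky(parse_deprecations(log))
    for r in hits:
        print(f"RISKY DEPRECATION: {r['pkg']}@{r['ver']}: {r['msg']}")
    return 1 if hits else 0


# Constructed sample: lines copied from the build log in this issue, plus one non-deprecation line.
SAMPLE_LOG = """\
npm WARN deprecated left-pad@1.3.0: use String.prototype.padStart()
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated fsevents@1.2.13: The v1 package contains DANGEROUS / INSECURE binaries. Upgrade to safe fsevents v2
npm WARN notsup Not compatible with your version of node/npm: ts-jest@29.1.1
"""

if __name__ == "__main__":
    # Pipe a real log in instead: python gate.py < npm-install.log
    raise SystemExit(gate(SAMPLE_LOG))
```

In a pipeline, run it as `npm install --production 2>&1 | tee npm-install.log` followed by the gate over that file, so the warnings are both archived and enforced.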

jdkato commented 1 year ago

Should be fixed now.