search

ionic-team / capacitor-assets

Local Capacitor icon/splash screen resource generation tool
MIT License
516 stars 103 forks source link

high severity vulnerabilities after install @capacitor/assets 3.0.5 #628

Open erwinpalma opened 1 week ago

erwinpalma commented 1 week ago

I have installed "@capacitor/assets": "^3.0.5" from my ionic project, but after the installation I got the following warnings

npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated q@1.5.1: You or someone you depend on is using Q, the JavaScript Promise library that gave JavaScript developers strong feelings about promises. They can almost certainly migrate to the native JavaScript promise now. Thank you literally everyone for joining me in this bet against the odds. Be excellent to each other.
npm warn deprecated
npm warn deprecated (For a CapTP with native promises, see @endo/eventual-send and @endo/captp)
npm warn deprecated @xmldom/xmldom@0.7.13: this version is no longer supported, please update to at least 0.8.*
npm warn deprecated @xmldom/xmldom@0.7.13: this version is no longer supported, please update to at least 0.8.*

and the high severity vulnerabilities message

3 high severity vulnerabilities

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

Environment

Ionic:

   Ionic CLI                     : 7.2.0 (/opt/homebrew/lib/node_modules/@ionic/cli)
   Ionic Framework               : @ionic/angular 8.4.0
   @angular-devkit/build-angular : 17.3.11
   @angular-devkit/schematics    : 17.3.11
   @angular/cli                  : 17.3.11
   @ionic/angular-toolkit        : 12.1.1

Capacitor:

   Capacitor CLI      : 6.1.2
   @capacitor/android : not installed
   @capacitor/core    : 6.1.2
   @capacitor/ios     : not installed

Utility:

   cordova-res : not installed globally
   native-run  : 2.0.1

System:

   NodeJS : v20.16.0 (/usr/local/bin/node)
   npm    : 10.8.1
   OS     : macOS Unknown

Steps to reproduce the issue.

  1. Start a new ionic aplicationionic start myApp blank --capacitor --typeangular-standalone
  2. Move to the project directory cd myApp
  3. Install it npm i @capacitor/assets
  4. See the error.
prtcl commented 6 days ago

Same here. Looks like these are coming from deps of deps. 

% npm ls q
myapp@0.0.0 /Users/home/Projects/myapp
└─┬ @myapp/app@0.0.0 -> ./apps/app
  └─┬ @capacitor/assets@3.0.5
    └─┬ @trapezedev/project@7.0.10
      └─┬ conventional-changelog@3.1.25
        ├─┬ conventional-changelog-angular@5.0.13
        │ └── q@1.5.1
        ├─┬ conventional-changelog-atom@2.0.8
        │ └── q@1.5.1 deduped
        ├─┬ conventional-changelog-codemirror@2.0.8
        │ └── q@1.5.1 deduped
        ├─┬ conventional-changelog-conventionalcommits@4.6.3
        │ └── q@1.5.1 deduped
        ├─┬ conventional-changelog-core@4.2.4
        │ └── q@1.5.1 deduped
        ├─┬ conventional-changelog-ember@2.0.9
        │ └── q@1.5.1 deduped
        ├─┬ conventional-changelog-eslint@3.0.9
        │ └── q@1.5.1 deduped
        ├─┬ conventional-changelog-express@2.0.6
        │ └── q@1.5.1 deduped
        ├─┬ conventional-changelog-jquery@3.0.11
        │ └── q@1.5.1 deduped
        └─┬ conventional-changelog-jshint@2.0.9
          └── q@1.5.1 deduped