jenkins-infra / stats.jenkins.io

Revamped Jenkins Infra Stats Website as a part of GSoC 2024
https://new.stats.jenkins.io

`npm install` reports 2 vulnerabilities #17

Closed lemeurherve closed 1 week ago

lemeurherve commented 1 week ago

From @gounthar in https://github.com/jenkins-infra/stats.jenkins.io/pull/8#pullrequestreview-2123513988:

```
npm install
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported

added 305 packages, and audited 306 packages in 2m

57 packages are looking for funding
  run `npm fund` for details

2 vulnerabilities (1 moderate, 1 high)

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.
npm notice
npm notice New patch version of npm available! 10.8.0 -> 10.8.1
npm notice Changelog: https://github.com/npm/cli/releases/tag/v10.8.1
npm notice To update run: npm install -g npm@10.8.1
npm notice
```

I guess the warnings during the install phase aren't that much of an issue?

This is an issue that should be fixed indeed.

krisstern commented 1 week ago

This is bad advice; we are not going backwards to install an older version to resolve the issue. I will look into this and see how this can be properly addressed.

lemeurherve commented 1 week ago

Renamed the issue accordingly.