Closed JosiahOne closed 3 years ago
@Unitech Please confirm this PR and upgrade axios to 0.21.1, following this info:
https://github.com/advisories/GHSA-4w2v-q235-vp99
https://www.npmjs.com/advisories/1594
and please don't forget to publish to npm :)
Our CI did not manage to publish the package.
When:

    git clone https://github.com/keymetrics/pm2-io-js-api.git
    cd pm2-io-js-api
    npm install

It fails with:

    > @pm2/js-api@0.6.4 dist
    > mkdir -p dist; browserify -s Keymetrics -r ./ | uglifyjs -c warnings=false -m > ./dist/keymetrics.es5.min.js
    Parse error at 0:7247,20
    exports.destroy = (() => {
    ^
    ERROR: Unexpected token: punc ())
    at JS_Parse_Error.get (eval at <anonymous> (/tmp/pm2-io-js-api/node_modules/uglify-js/tools/node.js:21:1), <anonymous>:73:23)
    at fatal (/tmp/pm2-io-js-api/node_modules/uglify-js/bin/uglifyjs:289:53)
    at run (/tmp/pm2-io-js-api/node_modules/uglify-js/bin/uglifyjs:233:9)
    at Socket.<anonymous> (/tmp/pm2-io-js-api/node_modules/uglify-js/bin/uglifyjs:166:9)
    at Socket.emit (node:events:388:22)
    at endReadableNT (node:internal/streams/readable:1295:12)
    at processTicksAndRejections (node:internal/process/task_queues:80:21)

I'm looking at it right now, but if anyone has a suggestion, that's welcome.
OK, published. The error was caused by the latest version of debug.
Thanks! Works for me like in https://github.com/Unitech/pm2/issues/4937#issuecomment-755264801
axios has a critical (server-side request forgery) security vulnerability affecting versions <0.21.1.
This is causing npm audit warnings when installing pm2. This PR allows 0.21.1 to be installed, mitigating the problem.
I wasn't sure how to run tests, so unfortunately that hasn't been done. I have no idea if this upgrade is stable.