search

l-atelier-des-chercheurs / dodoc

Conçu pour favoriser les processus réflexifs lors d’activités d’apprentissage, do•doc est un outil ouvert et modulaire qui permet de capturer des médias (photos, vidéos, sons et stop-motion), de les éditer, de les mettre en page et de les publier
https://latelier-des-chercheurs.fr/outils/dodoc
GNU Affero General Public License v3.0
61 stars 11 forks source link

Crash linux electron 29 #940

Closed jubonhomme closed 5 months ago

jubonhomme commented 6 months ago

J'ai mis à jour ce soir... Trois plantages de dodoc souvent à l'enregistrement d'un média

Exemple avec celui ci

API2 • _restrictToContributors – Parent inheritance: Token is instance admin API2 • _restrictToContributors – Parent inheritance: Token is instance admin THUMBS • _makeImageThumbsFor – Missing thumb at / /home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-2/projects/deplacement-bis/video-1712097216816-vyq.webm.0.jpeg.50.jpeg MEMORY-ERROR: electron[10981]: GSlice: assertion failed: sinfo->n_allocated > 0 /home/julien/dodoc10/node_modules/electron/dist/electron exited with signal SIGABRT

Un deuxième exemple à la suite d'une fabrication Découper une vidéo image

louis-ev commented 6 months ago

Oula c'est pas génial ces soucis, c'est assez bas niveau. Il y a eu pas mal de changements dans la gestion de la mémoire, une possibilité serait qu'on sollicite trop la mémoire (genre copie de toute la vidéo vers plusieurs variables).

En lien : https://github.com/lovell/sharp/issues/3817 https://github.com/electron/electron/issues/38048

Il faudrait voir si ça arrive en faisant uniquement des photos ? Plus précisément, qu'est-ce qui provoque ça ?

jubonhomme commented 6 months ago

nouveau plantage en faisant un montage avec trois médias vidéos de quelques secondes

MEMORY-ERROR: electron[7790]: GSlice: assertion failed: sinfo->n_allocated > 0 /home/julien/dodoc10/node_modules/electron/dist/electron exited with signal SIGABRT

louis-ev commented 5 months ago

Est-ce systématique ? Tu arrives à reproduire plusieurs fois de suite ? Est-ce que ça plante aussi sur un autre OS, sur la même branche ?

jubonhomme commented 5 months ago

Systématique non. Si je redémarre dodoc et que je relance le montage ça passe. Mais une ou deux fabrications plus loin ça plante à nouveau.

Là je viens de faire un peu de vide dans les projets. Et sur un nouveau projet avec quelques imports d'images ça plante.

 API2 • _uploadFile – {"status":"uploaded file","path_to_folder":"spaces/test-v10/projects/test-v10","meta_filename":"planchea.jpg.meta.txt"}
~ FILE • getFile – {"path_to_meta":"spaces/test-v10/projects/test-v10/planchea.jpg.meta.txt"}
~ CACHE • get – no cache for spaces/test-v10/projects/test-v10/planchea.jpg.meta.txt
~ UTILS • readMetaFile – {"paths":["spaces/test-v10/projects/test-v10/planchea.jpg.meta.txt"]}
- THUMBS • _readImageExif – Gotten metadata / {"metadata":{"format":"png","width":631,"height":337,"space":"srgb","channels":4,"depth":"uchar","density":96,"isProgressive":false,"hasProfile":false,"hasAlpha":true}}
~ THUMBS • _readFileInfos – {"full_media_path":"/home/julien/Nextcloud/dodoc10cloud/spaces/test-v10/projects/test-v10/logo-dodoc.png"}
~ THUMBS • makeThumbForMedia – {"media_type":"image","media_filename":"planchea.jpg","path_to_folder":"spaces/test-v10/projects/test-v10"}
~ UTILS • parseAndCheckSchema – {"relative_path":"spaces/test-v10/projects/test-v10"}
~ getInfosForFile - 0s 19.045945ms
~ UTILS • storeContent – {"full_path":"/home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/logo-dodoc.png.infos.txt","meta":{"width":631,"height":337,"ratio":0.5341,"size":12862,"mtimems":1712433896671,"hash":"1d5d3d6fe3a8d7722a47d79a2b5062b2"}}
~ CACHE • set – set spaces/test-v10/projects/test-v10/logo-dodoc.png.meta.txt
~ NOTIFIER • {"event":"fileCreated","path":"spaces/test-v10/projects/test-v10","data":{"path_to_folder":"spaces/test-v10/projects/test-v10","meta":{"$authors":["authors/admin"],"$date_created":"2023-06-08T04:14:18.229Z","$date_modified":"2024-04-06T20:04:56.681Z","$date_uploaded":"2024-04-06T20:04:56.681Z","$media_filename":"logo-dodoc.png","$status":"private",[…]
~ THUMBS • _makeThumbFor – {"full_media_path":"/home/julien/Nextcloud/dodoc10cloud/spaces/test-v10/projects/test-v10/planchea.jpg"}
~ THUMBS • _makeImageThumbsFor – {"full_media_path":"/home/julien/Nextcloud/dodoc10cloud/spaces/test-v10/projects/test-v10/planchea.jpg","media_filename":"planchea.jpg","path_to_thumb_folder":"thumbs/spaces/test-v10/projects/test-v10","resolutions":[50,220,440,1600]}
THUMBS • _makeImageThumbsFor – Missing thumb at / /home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/planchea.jpg.50.jpeg
THUMBS • _makeImageThumbsFor – --> made thumb
~ THUMBS • _readFileInfos – {"full_media_path":"/home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/planchea.jpg.50.jpeg"}
THUMBS • _makeImageThumbsFor – Missing thumb at / /home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/planchea.jpg.220.jpeg

***MEMORY-ERROR***: electron[6876]: GSlice: assertion failed: sinfo->n_allocated > 0
/home/julien/dodoc10/node_modules/electron/dist/electron exited with signal SIGABRT
julien@CM57-DEL12:~/dodoc10$
jubonhomme commented 5 months ago

Je vais essayer de relancer sur windows et electron pour voir

louis-ev commented 5 months ago

Ça ressemble fort à une fuite de mémoire, ces tâches demandent à ce qu'on leur alloue une quantité de RAM non négligeable et elles ne l'obtiennent visiblement pas – peut être parce que le budget permis est épuisé ? D'où le fait que ça marche au début puis que ça crash au bout d'un moment. L'idéal serait d'avoir plus d'infos côté électron la dessus.

jubonhomme commented 5 months ago

Je ne comprends pas grand chose à part que ça pourrait correspondre à ça https://github.com/electron/electron/issues/38048#issuecomment-1521874358

louis-ev commented 5 months ago

Effectivement, en relisant tes posts je me dis que c'est clairement lié à sharp et à la génération d'aperçu image. Tu peux confirmer ? ça plante dans les fabrications après la fabrication, quand la vidéo est créé et que dodoc essaye de créer un aperçu image du résultat ?

louis-ev commented 5 months ago

J'ai ajouté une petite info qui s'affiche toutes les secondes, c'est l'utilisation de la mémoire heap :

image

Branche dodoc2-next-fix_windows Tu peux tester sur linux et me dire ce que ça affiche ? Merci !

jubonhomme commented 5 months ago

Ok je passe sur cette branche et je fais un test sous linux

jubonhomme commented 5 months ago

Nouveau crash


API2 • _restrictIfPrivate – Folder is private
API2 • _restrictIfPrivate – User allowed to open private folder
~ _getFolder - spaces/test-v10/projects/test-v10/makes/montage-video-0v4 – 0s 0.50317ms
API2 • _restrictToLocalAdmins – Token editing self

API2 • _restrictToContributors – Parent inheritance: Token is instance admin

API2 • _restrictToLocalAdmins – Parent inheritance: Token is instance admin
Heap Memory Usage: 1.31%
Heap Memory Usage: 1.32%
Heap Memory Usage: 1.32%
Heap Memory Usage: 1.32%
Heap Memory Usage: 1.32%
Heap Memory Usage: 1.32%

API2 • _restrictToLocalAdmins – Parent inheritance: Token is instance admin
Heap Memory Usage: 1.33%
Heap Memory Usage: 1.33%
Heap Memory Usage: 1.33%
Heap Memory Usage: 1.33%
Heap Memory Usage: 1.33%

Heap Memory Usage: 1.33%
Heap Memory Usage: 1.33%

API2 • _restrictIfPrivate – Folder is private
API2 • _restrictIfPrivate – User allowed to open private folder
~ _getFolder - spaces/test-v10/projects/test-v10/makes/montage-video-nqt – 0s 41.669901ms
Heap Memory Usage: 1.32%
Heap Memory Usage: 1.32%
Heap Memory Usage: 1.32%
Heap Memory Usage: 1.32%
Heap Memory Usage: 1.32%

API2 • _restrictToLocalAdmins – Parent inheritance: Token is instance admin
Heap Memory Usage: 1.33%
Heap Memory Usage: 1.33%
/home/julien/dodoc10/node_modules/electron/dist/electron exited with signal SIGSEGV
julien@CM57-DEL12:~/dodoc10$

Et un autre après avoir redémarré dodoc et fait 2 montages à la suite... le premier passe mais plantage à 10 ou 15 % du deuxième


API2 • _restrictIfPrivate – User allowed to open private folder
~ _getFolder - spaces/test-v10/projects/test-v10/makes/montage-video-nqt – 0s 3.355188ms
Heap Memory Usage: 1.51%
Heap Memory Usage: 1.51%
Heap Memory Usage: 1.51%
Heap Memory Usage: 1.51%
Heap Memory Usage: 1.51%
Heap Memory Usage: 1.51%

API2 • _restrictToLocalAdmins – Parent inheritance: Token is instance admin
Heap Memory Usage: 1.57%
Heap Memory Usage: 1.58%
Heap Memory Usage: 1.58%
Heap Memory Usage: 1.59%
Heap Memory Usage: 1.60%
Heap Memory Usage: 1.61%
Heap Memory Usage: 1.61%
THUMBS • _makeImageThumbsFor – Missing thumb at / /home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/video-assemblage-2.mp4.0.jpeg.50.jpeg
THUMBS • _makeImageThumbsFor – --> made thumb
THUMBS • _makeImageThumbsFor – Missing thumb at / /home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/video-assemblage-2.mp4.0.jpeg.220.jpeg
THUMBS • _makeImageThumbsFor – --> made thumb
THUMBS • _makeImageThumbsFor – Missing thumb at / /home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/video-assemblage-2.mp4.0.jpeg.440.jpeg
THUMBS • _makeImageThumbsFor – --> made thumb
THUMBS • _makeImageThumbsFor – Missing thumb at / /home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/video-assemblage-2.mp4.0.jpeg.1600.jpeg
THUMBS • _makeImageThumbsFor – --> made thumb
THUMBS • _makeImageThumbsFor – Missing thumb at / /home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/video-assemblage-2.mp4.50pc.jpeg.50.jpeg
THUMBS • _makeImageThumbsFor – --> made thumb
THUMBS • _makeImageThumbsFor – Missing thumb at / /home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/video-assemblage-2.mp4.50pc.jpeg.220.jpeg
THUMBS • _makeImageThumbsFor – --> made thumb
THUMBS • _makeImageThumbsFor – Missing thumb at / /home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/video-assemblage-2.mp4.50pc.jpeg.440.jpeg
THUMBS • _makeImageThumbsFor – --> made thumb
THUMBS • _makeImageThumbsFor – Missing thumb at / /home/julien/Nextcloud/dodoc10cloud/thumbs/spaces/test-v10/projects/test-v10/video-assemblage-2.mp4.50pc.jpeg.1600.jpeg
THUMBS • _makeImageThumbsFor – --> made thumb
~ getInfosForFile - 0s 41.454615ms
Heap Memory Usage: 1.43%
Heap Memory Usage: 1.40%
Heap Memory Usage: 1.40%
Heap Memory Usage: 1.40%
Heap Memory Usage: 1.40%
Heap Memory Usage: 1.40%
Heap Memory Usage: 1.41%
Heap Memory Usage: 1.41%
Heap Memory Usage: 1.41%
Heap Memory Usage: 1.41%

Heap Memory Usage: 1.43%
Heap Memory Usage: 1.43%
Heap Memory Usage: 1.44%

API2 • _restrictToContributors – Parent inheritance: Token is instance admin

API2 • _restrictToContributors – Parent inheritance: Token is instance admin
Heap Memory Usage: 1.42%
Heap Memory Usage: 1.42%
Heap Memory Usage: 1.42%
Heap Memory Usage: 1.42%
Heap Memory Usage: 1.42%
Heap Memory Usage: 1.43%
Heap Memory Usage: 1.43%
Heap Memory Usage: 1.43%

API2 • _restrictToLocalAdmins – Parent inheritance: Token is instance admin
Heap Memory Usage: 1.44%

***MEMORY-ERROR***: electron[7968]: GSlice: assertion failed: sinfo->n_allocated > 0
/home/julien/dodoc10/node_modules/electron/dist/electron exited with signal SIGABRT
louis-ev commented 5 months ago

J'ai aussi ce soucis sur ma machine virtuelle linux lorsque j'importe une tripotée de médias qui nécessite de créer un aperçu avec sharp. Le lien me semble clair, tu confirmes de ton côté ?

Je créer une branche qui combine dodoc2-next-fix_windows + dodoc2-next-node pour voir si ça vient de sharp ou d'electron (à tous les coups le soucis vient de sharp dans electron, ça permettra de confirmer que hors electron on est bon).

La branche s'appelle dodoc2-next-node-update_deps si tu veux tester aussi.

louis-ev commented 5 months ago

Ça marche très bien : le soucis est côté electron, donc.

jubonhomme commented 5 months ago

Oui je viens de refaire un test sur cette branche et aucun plantage... C'est donc bien du côté electron

louis-ev commented 5 months ago

J'ai trouvé une solution (pas géniale) : revenir à sharp 0.31.3 Donc 0.33.3 a l'air d'avoir un soucis.

Du coup pour une release ça me semble pas trop problématique, mais à résoudre plus tard (10.1 ?). Pour revenir à 0.31.3 sur Linux pas de soucis, par contre sur macOS j'ai du désinstaller libvips : brew uninstall vips

J'imagine que la 0.31.3 s’attend pas à voir installé une version récente de libvips en global (que doit installer la 0.33.3 à l'installation).

louis-ev commented 5 months ago

Je test partout dodoc2-next-fix_windows qui contient la résolution.

jubonhomme commented 5 months ago

Je suis repassé sur la nouvelle branche avec electron et sharp en 0.31.3 : dodoc2-next-fix_windows

J'ai essayé pas mal de choses et ça n'a pas encore planté... je ne certifie pas à 100% mais pour le moment ça m'a l'air pas mal du tout sous linux

jubonhomme commented 5 months ago

Petite question dans ce fil comme on est dans la stabilisation finale. Quand je build j'ai un messages d'alerte 

120 packages are looking for funding
  run `npm fund` for details
29 vulnerabilities (1 low, 14 moderate, 11 high, 3 critical)

Question de novice : est-que ça n'est pas l'occasion de mettre à jour ces dépendances ou bien on risque encore de tout casser ?

louis-ev commented 5 months ago

Tu es dans /client ou pas ? Tu peux tenter un npm audit et voir ce que ça donne, j'essayerai à l'occasion. Les dépendances côté client pourraient être maj oui, faut voir si on gagne vraiment quelquechose.

jubonhomme commented 5 months ago

Voilà ce que donne audit dans client/


julien@CM57-DEL12:~/dodoc10/client$ npm audit
# npm audit report

@babel/traverse  <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix`
node_modules/@babel/traverse

@sideway/formula  3.0.0
Severity: moderate
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability - https://github.com/advisories/GHSA-c2jc-4fpr-4vhg
fix available via `npm audit fix`
node_modules/@sideway/formula

ansi-regex  3.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/log-update/node_modules/ansi-regex

async  2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install axios@1.6.8, which is a breaking change
node_modules/axios

engine.io  4.0.0 - 6.4.1
Severity: moderate
Uncaught exception in engine.io - https://github.com/advisories/GHSA-r7qp-cfhv-p84w
engine.io Uncaught Exception vulnerability - https://github.com/advisories/GHSA-q9mw-68c2-j6m5
fix available via `npm audit fix`
node_modules/engine.io

es5-ext  0.10.1 - 0.10.62
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` - https://github.com/advisories/GHSA-4gmj-3p3h-gm8h
fix available via `npm audit fix`
node_modules/es5-ext

express  <4.19.2
Severity: moderate
Express.js Open Redirect in malformed URLs - https://github.com/advisories/GHSA-rv95-896h-c2vc
fix available via `npm audit fix`
node_modules/express

follow-redirects  <=1.15.5
Severity: moderate
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via `npm audit fix`
node_modules/follow-redirects

ip  <1.1.9
Severity: moderate
NPM IP package incorrectly identifies some private IP addresses as public - https://github.com/advisories/GHSA-78xj-cgh5-2h22
fix available via `npm audit fix`
node_modules/ip

json5  <1.0.2 || >=2.0.0 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5
node_modules/loader-utils/node_modules/json5

loader-utils  <=1.4.1 || 2.0.0 - 2.0.3
Severity: critical
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
fix available via `npm audit fix`
node_modules/loader-utils
node_modules/raw-loader/node_modules/loader-utils
node_modules/thread-loader/node_modules/loader-utils
node_modules/vue-loader/node_modules/loader-utils

node-forge  <=1.2.1
Severity: high
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
fix available via `npm audit fix`
node_modules/node-forge

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install @vue/cli-service@3.3.1, which is a breaking change
node_modules/@vue/component-compiler-utils/node_modules/postcss
node_modules/postcss
  @vue/component-compiler-utils  *
  Depends on vulnerable versions of postcss
  node_modules/@vue/component-compiler-utils
    @vue/cli-service  *
    Depends on vulnerable versions of @vue/component-compiler-utils
    Depends on vulnerable versions of vue-loader
    node_modules/@vue/cli-service
    vue-loader  15.0.0-beta.1 - 15.11.1
    Depends on vulnerable versions of @vue/component-compiler-utils
    node_modules/@vue/vue-loader-v15

quill  <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
No fix available
node_modules/quill

semver  <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@vue/babel-preset-app/node_modules/semver
node_modules/@vue/cli-shared-utils/node_modules/semver
node_modules/cross-spawn/node_modules/semver
node_modules/css-loader/node_modules/semver
node_modules/eslint-plugin-vue/node_modules/semver
node_modules/eslint/node_modules/semver
node_modules/less/node_modules/semver
node_modules/normalize-package-data/node_modules/semver
node_modules/postcss-loader/node_modules/semver
node_modules/semver
node_modules/vue-eslint-parser/node_modules/semver

snyk  <=1.1063.0
Severity: high
snyk Code Injection vulnerability - https://github.com/advisories/GHSA-4vrv-93c7-m92j
Snyk CLI affected by Command Injection vulnerability - https://github.com/advisories/GHSA-hpqj-7cj6-hfj8
Snyk plugins vulnerable to Command Injection - https://github.com/advisories/GHSA-4x6g-3cmx-w76r
fix available via `npm audit fix`
node_modules/snyk

socket.io-parser  4.0.4 - 4.2.2
Severity: high
Insufficient validation when decoding a Socket.IO packet - https://github.com/advisories/GHSA-cqmj-92xf-r6r9
fix available via `npm audit fix --force`
Will install rtcmulticonnection@2.2.5, which is a breaking change
node_modules/socket.io-client/node_modules/socket.io-parser
node_modules/socket.io-parser
  socket.io  4.1.3 - 4.5.1
  Depends on vulnerable versions of socket.io-parser
  node_modules/socket.io
    rtcmulticonnection  3.4.5 - 3.5.9 || >=3.6.3
    Depends on vulnerable versions of rtcmulticonnection-server
    Depends on vulnerable versions of socket.io
    node_modules/rtcmulticonnection
    rtcmulticonnection-server  *
    Depends on vulnerable versions of socket.io
    node_modules/rtcmulticonnection-server

terser  5.0.0 - 5.14.1
Severity: high
Terser insecure use of regular expressions leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix`
node_modules/terser

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/tough-cookie

webpack  5.0.0 - 5.75.0
Severity: critical
Cross-realm object access in Webpack 5 - https://github.com/advisories/GHSA-hc6q-2mpp-qw7j
fix available via `npm audit fix`
node_modules/webpack

webpack-dev-middleware  <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via `npm audit fix`
node_modules/webpack-dev-middleware

word-wrap  <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap

29 vulnerabilities (1 low, 14 moderate, 11 high, 3 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.
julien@CM57-DEL12:~/dodoc10/client$ `
louis-ev commented 5 months ago

Résolu