search

magento / magento2

Prior to making any Submission(s), you must sign an Adobe Contributor License Agreement, available here at: https://opensource.adobe.com/cla.html. All Submissions you make to Adobe Inc. and its affiliates, assigns and subsidiaries (collectively “Adobe”) are subject to the terms of the Adobe Contributor License Agreement.
http://www.magento.com
Open Software License 3.0
11.55k stars 9.32k forks source link

Resolve Node.js warnings (dependencies) #21403

Closed DanielRuf closed 3 years ago

DanielRuf commented 5 years ago

Preconditions (*)

  1. in magento root/ rename package.json.example to package.json
  2. npm install

Steps to reproduce (*)

  1. Install the depencies with Yarn / npm
  2. npm audit

Expected result (*)

  1. [No outdated / insecure dependencies.

Actual result (*)

warning grunt-autoprefixer > autoprefixer-core > browserslist@0.4.0: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
warning grunt-contrib-connect > http2@3.3.7: Use the built-in module in node 9.0.0 or newer, instead
warning grunt-contrib-imagemin > imagemin > imagemin-jpegtran > jpegtran-bin > bin-build > download > gulp-decompress > gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning grunt-contrib-less > less > request > hawk > cryptiles@2.0.5: This version is no longer maintained. Please upgrade to the latest version.
warning grunt-contrib-less > less > request > hawk > hoek@2.16.3: This version is no longer maintained. Please upgrade to the latest version.
warning grunt-contrib-less > less > request > hawk > sntp > hoek@2.16.3: This version is no longer maintained. Please upgrade to the latest version.
warning grunt-contrib-less > less > request > hawk > boom@2.10.1: This version is no longer maintained. Please upgrade to the latest version.
warning grunt-contrib-less > less > request > hawk > cryptiles > boom@2.10.1: This version is no longer maintained. Please upgrade to the latest version.
warning grunt-contrib-less > less > request > hawk > boom > hoek@2.16.3: This version is no longer maintained. Please upgrade to the latest version.
warning grunt-eslint > eslint > file-entry-cache > flat-cache > circular-json@0.3.3: CircularJSON is in maintenance only, flatted is its successor.
warning grunt-jscs > jscs > jscs-preset-wikimedia@1.0.1: Deprecated in favour of eslint-config-wikimedia. -- https://phabricator.wikimedia.org/T118941
warning grunt-jscs > jscs > jsonlint > nomnom@1.8.1: Package no longer supported. Contact support@npmjs.com for more info.
warning grunt-replace > applause > cson-parser > coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
warning grunt-styledocco > styledocco > jade@0.23.0: Jade has been renamed to pug, please install the latest version of pug instead of jade
warning load-grunt-config > cson > coffee-script@1.12.7: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
warning node-minify > babel-preset-babili@0.0.12: babili has been renamed to babel-minify. Please update to babel-preset-minify
yarn audit
...
60 vulnerabilities found - Packages audited: 10367
Severity: 33 Low | 23 Moderate | 4 High
magento-engcom-team commented 5 years ago

Hi @DanielRuf. Thank you for your report. To help us process this issue please make sure that you provided the following information:

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento-engcom-team give me 2.3-develop instance - upcoming 2.3.x release

For more details, please, review the Magento Contributor Assistant documentation.

@DanielRuf do you confirm that you was able to reproduce the issue on vanilla Magento instance following steps to reproduce?

magento-engcom-team commented 5 years ago

Hi @engcom-backlog-nazar. Thank you for working on this issue. In order to make sure that issue has enough information and ready for development, please read and check the following instruction: :point_down:

ghost commented 5 years ago

HI @DanielRuf thank you for you report, Can someone solve it here? I'm afraid that this ticket may hang here for a long time

DanielRuf commented 5 years ago

@magento-engcom-team give me 2.2-develop instance

magento-engcom-team commented 5 years ago

Hi @DanielRuf. Thank you for your request. I'm working on Magento 2.2-develop instance for you

DanielRuf commented 5 years ago

@magento-engcom-team give me 2.2.7 instance

magento-engcom-team commented 5 years ago

Hi @DanielRuf. Thank you for your request. I'm working on Magento 2.2.7 instance for you

magento-engcom-team commented 5 years ago

Hi @DanielRuf, here is your Magento instance. Admin access: https://i-21403-2-2-develop.instances.magento-community.engineering/admin Login: admin Password: 123123q Instance will be terminated in up to 3 hours.

magento-engcom-team commented 5 years ago

:white_check_mark: Confirmed by @engcom-backlog-nazar Thank you for verifying the issue. Based on the provided information internal tickets MAGETWO-98382, MAGETWO-98383 were created

Issue Available: @engcom-backlog-nazar, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 14 days if no further activity occurs. Is this issue still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? Thank you for your contributions!

magento-engcom-team commented 3 years ago

Hi @DanielRuf.

Thank you for your report and collaboration!

The related internal Jira ticket MC-24319 was closed as Fixed.

The fix will be available with the upcoming 2.4.3 release.