matthewmueller / x-ray

The next web scraper. See through the <html> noise.
MIT License

NPM audit to fix #316

Closed gallofeliz closed 5 years ago

gallofeliz commented 6 years ago

Subject of the issue

Hi, npm audit alerts me about vulnerabilities. We need to fix debug and cheerio (for x-ray-crawler) dependencies.

Your environment

Steps to reproduce

npm audit

Expected behaviour

Should not throw alerts

Actual behaviour

Throws 2 alerts

fadavi commented 5 years ago

Any solution/workaround for this issue?

lathropd commented 5 years ago

We need to bump the debug versions in both x-ray and x-ray-crawler.

@felipemp addressed this in https://github.com/matthewmueller/x-ray/pull/321/commits, but it doesn't pass CI.

SProst commented 5 years ago

@lathropd It looks like it did pass with Node version 11.1.0. It failed on the other versions of Node. Depending on whether the upgrade to the library broke backward compatibility, it might be necessary to evaluate the feasibility of dropping support for older versions of Node (<= Node 5).

lathropd commented 5 years ago

I think you’re right. Our dependencies seem to be causing those failures all over the place.

@matthewmueller, any objection to moving minimum to Node 6 (currently in LTS status) to keep our CI tests working?

lathropd commented 5 years ago

Fixed by https://github.com/matthewmueller/x-ray/tree/2.3.4