search

nikeee / dot-vscode

MIT License
1 stars 1 forks source link

Graphviz Support #4

Open CarlKnox opened 4 years ago

CarlKnox commented 4 years ago

I'm challenged to get this working on my system. That's OK, as I've found efanzh.graphviz-preview (current only supports the DOT layout engine) to be more responsive and offer additional export options.

[PowerShell command prompt]
C:\workspace> cd .\dot-vscode\
C:\workspace\dot-vscode [master ≡ +1 ~3 -0 !]> npm install

> dot-vscode@0.1.0 postinstall C:\workspace\dot-vscode
> node ./node_modules/vscode/bin/install

Detected VS Code engine version: ^1.16.0
Found minimal version that qualifies engine range: 1.16.0
Fetching vscode.d.ts from: https://raw.githubusercontent.com/Microsoft/vscode/787b31c0474e6165390b5a5989c9619e3e16f953/src/vs/vscode.d.ts
vscode.d.ts successfully installed!

audited 137 packages in 3.429s
found 1 low severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
C:\workspace\dot-vscode [master ≡ +1 ~3 -0 !]> npm audit fix
up to date in 0.36s
fixed 0 of 1 vulnerability in 137 scanned packages
  1 vulnerability required manual review and could not be updated
C:\workspace\dot-vscode [master ≡ +1 ~3 -0 !]>

I don't get an advisory telling me which package is at fault, however, I suspect it has to do with graphviz since this isn't working for me. I'll let you know if I find anything.

nikeee commented 4 years ago

I just updated to the latest patch versions of the dependencies. It seems that a transitive dependency of the vscode dependency is affected:


┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ vscode                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ vscode > mocha > mkdirp > minimist                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 84 scanned packages
  1 vulnerability requires manual review. See the full report for details.

(via npm audit)

I looked into the report and I think its non critical and is not related to graphviz.