search

railsware / bozon

🛠 Command line tool for building, testing and publishing modern Electron applications
MIT License
758 stars 52 forks source link

Found 2 vulnerabilities (1 moderate, 1 high) after installed bozon #64

Closed Dahkenangnon closed 4 years ago

Dahkenangnon commented 4 years ago

Afther starting new electron app with bozon new appName

PS C:\Users\justi\OneDrive\Bureau\Electron> bozon new HornelleTop

Welcome to Bozon! You're about to start new Electron application, but first answer a few questions about your project:

? What is the name of your app? HornelleTop ? Please specify author name (ex: John Doe): Justin Dah-kenangnon create .gitignore create package.json create webpack.config.js create LICENSE create README.md create src\main\index.js create src\preload\index.js create src\renderer\index.html create src\renderer\stylesheets\application.css create src\renderer\javascripts\index.js create resources\icon.icns create resources\icon.ico create config\settings.json create config\environments\development.json create config\environments\production.json create config\environments\test.json create config\platforms\windows.json create config\platforms\linux.json create config\platforms\mac.json create test\features\main_spec.js create test\helper.js Running npm install.. npm WARN deprecated webdriverio@4.14.4: outdated version, please use @next npm WARN deprecated core-js@2.6.11: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

electron-chromedriver@7.0.0 install C:\Users\justi\OneDrive\Bureau\Electron\hornelle_top\node_modules\electron-chromedriver node ./download-chromedriver.js

core-js@2.6.11 postinstall C:\Users\justi\OneDrive\Bureau\Electron\hornelle_top\node_modules\babel-runtime\node_modules\core-js node -e "try{require('./postinstall')}catch(e){}"

Thank you for using core-js ( https://github.com/zloirock/core-js ) for polyfilling JavaScript standard library!

The project needs your help! Please consider supporting of core-js on Open Collective or Patreon:

https://opencollective.com/core-js https://www.patreon.com/zloirock

Also, the author of core-js ( https://github.com/zloirock ) is looking for a good job -)

core-js@3.6.4 postinstall C:\Users\justi\OneDrive\Bureau\Electron\hornelle_top\node_modules\core-js node -e "try{require('./postinstall')}catch(e){}"

ejs@2.7.4 postinstall C:\Users\justi\OneDrive\Bureau\Electron\hornelle_top\node_modules\dmg-builder\node_modules\ejs node ./postinstall.js

Thank you for installing EJS: built with the Jake JavaScript build tool (https://jakejs.com/)

ejs@3.0.1 postinstall C:\Users\justi\OneDrive\Bureau\Electron\hornelle_top\node_modules\ejs node ./postinstall.js

Thank you for installing EJS: built with the Jake JavaScript build tool (https://jakejs.com/)

electron@7.1.9 postinstall C:\Users\justi\OneDrive\Bureau\Electron\hornelle_top\node_modules\electron node install.js

npm notice created a lockfile as package-lock.json. You should commit this file. npm WARN HornelleTop@0.1.0 No repository field. npm WARN HornelleTop@0.1.0 No license field. npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.11 (node_modules\watchpack\node_modules\fsevents): npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.11: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"}) npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.2 (node_modules\fsevents): npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

added 1019 packages from 973 contributors and audited 6460 packages in 603.283s

25 packages are looking for funding run npm fund for details

found 2 vulnerabilities (1 moderate, 1 high)

run npm audit fix to fix them, or npm audit for details

Success! Created hornelle_top at C:\Users\justi\OneDrive\Bureau\Electron\hornelle_top Inside that directory, you can run several commands:

bozon start Starts the Electron app in development mode.

bozon test Starts the test runner.

bozon package Packages Electron application for specified platform.

We suggest you to start with typing: cd hornelle_top bozon start

PS C:\Users\justi\OneDrive\Bureau\Electron> cd hornelle_top

I try running : npm audit fix but i got this:

`PS C:\Users\justi\OneDrive\Bureau\Electron\hornelle_top> npm audit fix npm WARN HornelleTop@0.1.0 No repository field. npm WARN HornelleTop@0.1.0 No license field. npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.2 (node_modules\fsevents): npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"}) npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.11 (node_modules\watchpack\node_modules\fsevents): npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.11: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

up to date in 68.324s

25 packages are looking for funding run npm fund for details

fixed 0 of 2 vulnerabilities in 6460 scanned packages 2 vulnerabilities required manual review and could not be updated PS C:\Users\justi\OneDrive\Bureau\Electron\hornelle_top> `

Any thing to make in order to resolve this ?

alchaplinsky commented 4 years ago

You can add resolutions key to your package.json and specify versions of packages in which those vulnerabilities were fixed.