rbren / rss-parser

A lightweight RSS parser, for Node and the browser
MIT License
1.38k stars, 209 forks

Bump dependency versions to fix security issues #247

Closed Arisamiga closed 1 year ago

Arisamiga commented 1 year ago

Updated the following dependencies to fix vulnerabilities.

Also updated package-lock.json to a newer lockfileVersion (1 -> 3)

This closes #246

Eejit43 commented 1 year ago

@rbren it would be great to get this merged :)

rbren commented 1 year ago

Looks like tests are failing sadly

Run npm ci
npm ERR! Cannot read property 'entities' of undefined

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2023-04-11T18_46_49_182Z-debug.log
Error: Process completed with exit code 1.

Arisamiga commented 1 year ago

> Looks like tests are failing sadly
>
> Run npm ci
> npm ERR! Cannot read property 'entities' of undefined
>
> npm ERR! A complete log of this run can be found in:
> npm ERR!     /home/runner/.npm/_logs/2023-04-11T18_46_49_182Z-debug.log
> Error: Process completed with exit code 1.

There seemed to be a problem with the babel dependencies. This should be fixed with this commit https://github.com/rbren/rss-parser/pull/247/commits/8e962eb86c27964fd2924a05cfadda0ed6dec057 👍

rbren commented 1 year ago

Still something funky. I tried updating the github action deps but no luck

Arisamiga commented 1 year ago

> Still something funky. I tried updating the github action deps but no luck

Yea, I will try to figure it out. It's weird tho because it worked fine locally

Arisamiga commented 1 year ago

> Still something funky. I tried updating the github action deps but no luck

The issue seemed to be the lockfile-version, as lockfileVersion 3 doesn't support npm 5 and 6, so I downgraded it to 2, which supports v5, v6, and v7 npm versions.

For more info: https://nexss.com/21_Node.js/lockfileVersion-issue/nexss-blog.html

This should be fixed now 👍
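
An added example, not part of the PR or the rss-parser code base: a preflight check a CI job could run before `npm ci` to catch the lockfile/npm mismatch described in the comment above. `checkLockfile`, the sample lockfiles and the package name `example-dep` are hypothetical; the version ranges are taken from npm's package-lock.json documentation.

```javascript
// Added example (not rss-parser code). Minimum npm major able to read each
// lockfileVersion, per npm's package-lock.json docs: v1 and v2 carry the legacy
// "dependencies" tree that npm 5-6 read; v3 keeps only "packages" (npm 7+).
const MIN_NPM_MAJOR = { 1: 5, 2: 5, 3: 7 };

function checkLockfile(lockText, npmVersion) {
  let lock;
  try {
    lock = JSON.parse(lockText);
  } catch {
    return { ok: false, problems: ['lockfile is not valid JSON'] };
  }
  const problems = [];
  const npmMajor = parseInt(String(npmVersion).split('.')[0], 10);
  if (Number.isNaN(npmMajor)) problems.push(`cannot parse npm version "${npmVersion}"`);

  // A lockfile written before the field existed is treated as version 1.
  const declared = lock.lockfileVersion === undefined ? 1 : lock.lockfileVersion;
  const minMajor = MIN_NPM_MAJOR[declared];
  if (minMajor === undefined) {
    problems.push(`unknown lockfileVersion ${JSON.stringify(declared)}`);
  } else if (npmMajor < minMajor) {
    problems.push(`lockfileVersion ${declared} needs npm >= ${minMajor}, CI runs npm ${npmMajor}`);
  }

  // npm 5-6 ignore "packages"; if it lists non-root entries but the legacy
  // tree is absent, those clients cannot see the locked packages.
  const lockedPaths = Object.keys(lock.packages || {}).filter((p) => p !== '');
  if (npmMajor < 7 && lockedPaths.length > 0 && !lock.dependencies && declared !== 3) {
    problems.push('declared version implies npm 5-6 support but "dependencies" is missing');
  }
  return { ok: problems.length === 0, declared, problems };
}

// Constructed sample lockfiles (package name and version are placeholders).
const pkg = { version: '1.0.0' };
const v3Lock = JSON.stringify({ lockfileVersion: 3, packages: { '': {}, 'node_modules/example-dep': pkg } });
const v2Lock = JSON.stringify({
  lockfileVersion: 2,
  packages: { '': {}, 'node_modules/example-dep': pkg },
  dependencies: { 'example-dep': pkg },
});

console.log(checkLockfile(v3Lock, '6.14.18')); // flagged: v3 lockfile on npm 6
console.log(checkLockfile(v2Lock, '6.14.18')); // ok: v2 keeps the legacy tree
```

Running a check like this as the first CI step turns an opaque `npm ci` crash into an explicit message, which matters when a security-driven dependency bump also regenerates the lockfile with a newer npm than the pipeline uses.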

OIRNOIR commented 1 year ago

Let me know when the new version gets released on NPM

rbren commented 1 year ago

Published as 3.13.0