Closed CodeCracker-oss closed 3 years ago
You see that when the @ProtonMail's web clients building is happening. So the issue is at their side. I'd recommend placing the issue in https://github.com/ProtonMail/proton-mail tracker. The issue is not just in outdated hightlight.js use but also there are at least 4 dependencies with reported high level vulnerabilities.
npm notice [SECURITY] lodash has the following vulnerability: 1 high. Go here for more details: https://www.npmjs.com/advisories?search=lodash&version=4.17.20 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm notice [SECURITY] set-value has the following vulnerability: 1 high. Go here for more details: https://www.npmjs.com/advisories?search=set-value&version=2.0.1 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm notice [SECURITY] url-regex has the following vulnerability: 1 high. Go here for more details: https://www.npmjs.com/advisories?search=url-regex&version=3.2.0 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm notice [SECURITY] minimist has the following vulnerability: 1 low. Go here for more details: https://www.npmjs.com/advisories?search=minimist&version=0.0.8 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm WARN lifecycle The node binary used for scripts is /tmp/yarn--1607059629291-0.5097385701290544/node but npm is using /home/appveyor/.nvm/versions/node/v12.20.0/bin/node itself. Use the `--scripts-prepend-node-path` option to include the path for the node binary npm was executed with.
> core-js-pure@3.8.0 postinstall /home/appveyor/projects/electronmail/output/git/proton-mail/node_modules/core-js-pure
> node -e "try{require('./postinstall')}catch(e){}"
> highlight.js@9.18.5 postinstall /home/appveyor/projects/electronmail/output/git/proton-mail/node_modules/highlight.js
> node deprecated.js
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Verion 9 of Highlight.js has reached EOL. It will no longer
be supported or receive security updates in the future.
Please upgrade to version 10 or encourage your indirect
dependencies to do so.
For more info:
https://github.com/highlightjs/highlight.js/issues/2877
https://github.com/highlightjs/highlight.js/blob/master/VERSION_10_UPGRADE.md
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Hello,
During the build process it outputs a warning informing that the proton-account node module Highlight.js V9 is depreciated, suggesting upgradeing to V10.