search

vladimiry / ElectronMail

Unofficial ProtonMail Desktop App
GNU General Public License v3.0
1.5k stars 97 forks source link

Hightlight.js depreciated #354

Closed CodeCracker-oss closed 3 years ago

CodeCracker-oss commented 3 years ago

Hello,

During the build process it outputs a warning informing that the proton-account node module Highlight.js V9 is depreciated, suggesting upgradeing to V10.

vladimiry commented 3 years ago

You see that when the @ProtonMail's web clients building is happening. So the issue is at their side. I'd recommend placing the issue in https://github.com/ProtonMail/proton-mail tracker. The issue is not just in outdated hightlight.js use but also there are at least 4 dependencies with reported high level vulnerabilities.

npm notice [SECURITY] lodash has the following vulnerability: 1 high. Go here for more details: https://www.npmjs.com/advisories?search=lodash&version=4.17.20 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm notice [SECURITY] set-value has the following vulnerability: 1 high. Go here for more details: https://www.npmjs.com/advisories?search=set-value&version=2.0.1 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm notice [SECURITY] url-regex has the following vulnerability: 1 high. Go here for more details: https://www.npmjs.com/advisories?search=url-regex&version=3.2.0 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm notice [SECURITY] minimist has the following vulnerability: 1 low. Go here for more details: https://www.npmjs.com/advisories?search=minimist&version=0.0.8 - Run `npm i npm@latest -g` to upgrade your npm version, and then `npm audit` to get more info.
npm WARN lifecycle The node binary used for scripts is /tmp/yarn--1607059629291-0.5097385701290544/node but npm is using /home/appveyor/.nvm/versions/node/v12.20.0/bin/node itself. Use the `--scripts-prepend-node-path` option to include the path for the node binary npm was executed with.
> core-js-pure@3.8.0 postinstall /home/appveyor/projects/electronmail/output/git/proton-mail/node_modules/core-js-pure
> node -e "try{require('./postinstall')}catch(e){}"
> highlight.js@9.18.5 postinstall /home/appveyor/projects/electronmail/output/git/proton-mail/node_modules/highlight.js
> node deprecated.js
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
  Verion 9 of Highlight.js has reached EOL.  It will no longer
  be supported or receive security updates in the future.
  Please upgrade to version 10 or encourage your indirect
  dependencies to do so.
  For more info:

  https://github.com/highlightjs/highlight.js/issues/2877
  https://github.com/highlightjs/highlight.js/blob/master/VERSION_10_UPGRADE.md

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*