Open eddybl opened 3 weeks ago
Thanks for the report and suggestion.
I have updated some dependencies in package.json and package-lock.json for both frontend and backend.
Currently on my Node.js 20.12.2 environment on Windows 10, backend does not display warnings or vulnerabilities.
However, there are still warnings and vulnerabilities on frontend, most of which result from "@vue/cli-service" package that depends on some old version packages.
We can keep this issue ticket open, and I still need time to consider if I should replace "@vue/cli-service" package or find other solutions.
Hey,
thanks a lot, this already looks great! I can confirm your results.
Just another quick thing I noticed: in the package.json of both front- and backend a version is defined. Not sure if you want to keep this in sync with the GitHub releases, but both are still on 2.0.0.
Thanks for pointing this out, I have updated the version in package.json for both frontend and backend.
And another question: Do you see any issues with using MongoDB 7.0 instead of 6.0?
Clog2 just uses very basic features of MongoDB, and it does not use transaction or other new features of MongoDB, so I think any version of MongoDB should work as long as the mongoose driver package is compatible with the MongoDB version.
Just now I installed MongoDB 7.0.8 Community version on another computer, cloned the Clog2 source code, and restored the database in the docs/database folder, and it seems to work properly.
Currently I am trying to build clog2 in a Docker environment.
According to the readme node.js version 16.19.0 should be used, but according to the node.js homepage: https://endoflife.date/nodejs 16.* is not maintained any more.
Would it be possible to raise the base node.js version to one of the supported LTS versions:
I tried using the LTS 18.* version which seemed to work, but I get quite a lot of deprecation warnings and vulnerabilities reported
Frontend
In addition some vulnerabilities:
Backend
Vulnerabilities:
Trying to use node.js LTS 20.* there are issues with achrinza/node-ipc@9.2.6 not being compatible.
All in all, I guess most issues can be resolved by carefully updating the main dependencies to more recent versions. Do you see any blockers to doing that?