fix: starters_validate failing builds because of npm vulnerabilities #21831

Closed
tesseralis opened this issue Feb 28, 2020 · 7 comments
Labels
help wanted Issue with a clear description that the community can help with. stale? Issue that may be closed soon due to the original author not responding any more. type: bug An issue or pull request relating to a bug in Gatsby

Comments

@tesseralis
Contributor

Description

The `starters_validate` check is failing on all builds because of vulnerabilities found by npm's automatic audit. Run `npm audit fix` to resolve these.

@tesseralis tesseralis added type: bug An issue or pull request relating to a bug in Gatsby help wanted Issue with a clear description that the community can help with. impact: high labels Feb 28, 2020
@jordanlesich

I've been receiving similar errors on my laptop. My desktop PC simply wouldn't load any plugin from npm. I had assumed it was because of a space in the naming of my Windows user account (a common problem apparently). I can load a plugin on my laptop, but I get this message in command prompt:


> npm WARN tsutils@3.17.1 requires a peer of typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta but none is installed. You must install peer dependencies yourself.
> npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.1.2 (node_modules\chokidar\node_modules\fsevents):
> npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
> npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.11 (node_modules\fsevents):
> npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.11: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})
> 
> + gatsby-source-filesystem@2.1.48
> updated 1 package and audited 23125 packages in 23.329s
> 
> 40 packages are looking for funding
>   run `npm fund` for details
> 
> found 9 high severity vulnerabilities
>   run `npm audit fix` to fix them, or `npm audit` for details

What concerns me the most is the high severity vulnerabilities. Am I good to go ahead and make sites while these exist? Sorry, I'm new to Gatsby, and kind of new to web dev in general. I've never had this much trouble with configuration before.

On my desktop, I received pages full of the 'npm WARN notsup SKIPPING OPTIONAL DEPENDENCY:' error, then the plugin wouldn't load. I tried to follow the Gatsby Windows instructions on the desktop PC, but kept finding dead ends. Some research told me that some of the problems might have been caused by the space in the username. However, I'm still receiving problems on my laptop, which does not contain that space. The error on my laptop isn't exactly as described here, but the desktop errors sound pretty close.

@jordanlesich

I also definitely tried, 'npm run audit'. It said that 0 of 9 were fixed and that I would have to fix them manually. That's a bit beyond my comfort level with Gatsby as it is pretty much my first time using it.
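The situation in the comments above (a build check failing on audit findings, and `npm audit fix` leaving findings that need manual work) can be triaged from the machine-readable report. This is an added example, not part of the original thread or Gatsby's own tooling; it assumes the report layout produced by `npm audit --json` on npm 7 and later (`auditReportVersion: 2`), and the package names in the sample are constructed.

```javascript
// Added example. Assumes the `npm audit --json` layout of npm 7+
// (auditReportVersion 2). Package names in SAMPLE_REPORT are constructed.
const RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Map npm's `fixAvailable` field to a remediation class.
function fixKind(fixAvailable) {
  if (fixAvailable === true) return 'in-range';   // `npm audit fix` can resolve it
  if (fixAvailable && typeof fixAvailable === 'object') {
    // npm names a package/version to move to; it may be a breaking (semver-major) bump
    return fixAvailable.isSemVerMajor ? 'major-bump' : 'bump';
  }
  return 'manual';                                // npm knows of no fix
}

// Return findings at or above `threshold`, most severe first.
function triageAudit(report, threshold = 'high') {
  if (report.auditReportVersion !== 2) throw new Error('unsupported audit report layout');
  const min = RANK[threshold];
  if (typeof min !== 'number') throw new Error(`unknown severity: ${threshold}`);
  return Object.values(report.vulnerabilities || {})
    .filter((v) => RANK[v.severity] >= min)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),                // false: pulled in by another package
      fix: fixKind(v.fixAvailable),
    }))
    .sort((a, b) => RANK[b.severity] - RANK[a.severity] || a.name.localeCompare(b.name));
}

// CI decision: fail on any finding at the threshold, and list what needs a human.
function gate(report, threshold = 'high') {
  const findings = triageAudit(report, threshold);
  return {
    fail: findings.length > 0,
    manual: findings.filter((f) => f.fix !== 'in-range').map((f) => f.name),
  };
}

const SAMPLE_REPORT = { auditReportVersion: 2, vulnerabilities: {
  'example-markdown': { name: 'example-markdown', severity: 'high', isDirect: true, fixAvailable: true },
  'example-glob-lib': { name: 'example-glob-lib', severity: 'high', isDirect: false, fixAvailable: false },
  'example-logger': { name: 'example-logger', severity: 'low', isDirect: true, fixAvailable: true },
  'example-bundler': { name: 'example-bundler', severity: 'critical', isDirect: true,
    fixAvailable: { name: 'example-bundler', version: '2.0.0', isSemVerMajor: true } },
} };

console.log(triageAudit(SAMPLE_REPORT), gate(SAMPLE_REPORT));
```

Findings classed as `manual` on a transitive package (`direct: false`) are the ones that usually have to wait for an upstream release or a lockfile override.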

@github-actions

Hiya!

This issue has gone quiet. Spooky quiet. 👻

We get a lot of issues, so we currently close issues after 30 days of inactivity. It’s been at least 20 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request. Check out gatsby.dev/contribute for more information about opening PRs, triaging issues, and contributing!

Thanks for being a part of the Gatsby community! 💪💜

@github-actions github-actions bot added the stale? Issue that may be closed soon due to the original author not responding any more. label Mar 26, 2020
@chriswales95

chriswales95 commented Apr 1, 2020

Hi everyone,

Was also going to be using Gatsby but decided not to hold off on it because of the number of vulnerabilities when generating fresh builds.

Any news on this?

@github-actions github-actions bot removed the stale? Issue that may be closed soon due to the original author not responding any more. label Apr 2, 2020
@chriswales95

Seems that the high security vulnerabilities have been resolved 👍

@github-actions github-actions bot added the stale? Issue that may be closed soon due to the original author not responding any more. label Apr 23, 2020
@github-actions

github-actions bot commented May 3, 2020

Hey again!

It’s been 30 days since anything happened on this issue, so our friendly neighborhood robot (that’s me!) is going to close it.
Please keep in mind that I’m only a robot, so if I’ve closed this issue in error, I’m HUMAN_EMOTION_SORRY. Please feel free to reopen this issue or create a new one if you need anything else.
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request. Check out gatsby.dev/contribute for more information about opening PRs, triaging issues, and contributing!

Thanks again for being part of the Gatsby community! 💪💜

@github-actions github-actions bot closed this as completed May 3, 2020