Update npm dependencies #36

Merged
merged 3 commits into from
Aug 11, 2023

jcfr
Collaborator

@jcfr jcfr commented May 18, 2023

No description provided.

jcfr added 3 commits May 18, 2023 03:50
$ npm --version
8.19.3

$ npm install
npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated w3c-hr-time@1.0.2: Use your platform's native performance.now() and performance.timeOrigin.
npm WARN deprecated source-map-url@0.4.0: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated request-promise-native@1.0.8: request-promise-native has been deprecated because it extends the now deprecated request package, see request/request#3142
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated request@2.88.2: request has been deprecated, see request/request#3142
npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated puppeteer@2.1.1: < 19.4.0 is no longer supported
npm WARN deprecated ini@1.3.5: Please update to ini >=1.3.6 to avoid a prototype pollution issue
npm WARN deprecated har-validator@5.1.3: this library is no longer supported
npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (debug-js/debug#797)
npm WARN deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (debug-js/debug#797)
npm WARN deprecated @zeit/ncc@0.21.1: @zeit/ncc is no longer maintained. Please use @vercel/ncc instead.

added 917 packages, and audited 918 packages in 56s

34 packages are looking for funding
  run `npm fund` for details

48 vulnerabilities (27 moderate, 16 high, 5 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

$ npm audit fix
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see request/request#3142
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported

added 118 packages, removed 113 packages, changed 321 packages, and audited 923 packages in 22s

59 packages are looking for funding
  run `npm fund` for details

# npm audit report

jsdom  <=16.5.3
Severity: moderate
Insufficient Granularity of Access Control in JSDom - GHSA-f4c9-cqv8-9v98
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-native
fix available via `npm audit fix --force`
Will install jest@29.5.0, which is a breaking change
node_modules/jsdom
  jest-environment-jsdom  10.0.2 - 25.5.0
  Depends on vulnerable versions of jsdom
  node_modules/jest-environment-jsdom
    jest-config  12.1.1-alpha.2935e14d - 25.5.4
    Depends on vulnerable versions of @jest/test-sequencer
    Depends on vulnerable versions of jest-environment-jsdom
    Depends on vulnerable versions of jest-jasmine2
    node_modules/jest-config
      jest-cli  12.1.1-alpha.2935e14d || 12.1.2-alpha.6230044c - 25.5.4
      Depends on vulnerable versions of @jest/core
      Depends on vulnerable versions of jest-config
      node_modules/jest-cli
        jest  24.2.0-alpha.0 - 25.5.4
        Depends on vulnerable versions of @jest/core
        Depends on vulnerable versions of jest-cli
        node_modules/jest
      jest-runner  21.0.0-alpha.1 - 25.5.4
      Depends on vulnerable versions of jest-config
      Depends on vulnerable versions of jest-jasmine2
      Depends on vulnerable versions of jest-runtime
      node_modules/jest-runner
        @jest/test-sequencer  <=25.5.4
        Depends on vulnerable versions of jest-runner
        Depends on vulnerable versions of jest-runtime
        node_modules/@jest/test-sequencer
      jest-runtime  12.1.1-alpha.2935e14d - 25.5.4
      Depends on vulnerable versions of jest-config
      node_modules/jest-runtime
        jest-jasmine2  24.2.0-alpha.0 - 25.5.4
        Depends on vulnerable versions of jest-runtime
        node_modules/jest-jasmine2

node-notifier  <8.0.1
Severity: moderate
OS Command Injection in node-notifier - GHSA-5fw9-fq32-wv5p
fix available via `npm audit fix --force`
Will install jest@29.5.0, which is a breaking change
node_modules/node-notifier
  @jest/reporters  <=26.4.0
  Depends on vulnerable versions of node-notifier
  node_modules/@jest/reporters
    @jest/core  <=25.5.4
    Depends on vulnerable versions of @jest/reporters
    Depends on vulnerable versions of jest-config
    Depends on vulnerable versions of jest-runner
    Depends on vulnerable versions of jest-runtime
    node_modules/@jest/core

request  *
Severity: moderate
Server-Side Request Forgery in Request - GHSA-p8p7-x288-28g6
fix available via `npm audit fix --force`
Will install jest@29.5.0, which is a breaking change
node_modules/request
  request-promise-core  *
  Depends on vulnerable versions of request
  node_modules/request-promise-core
    request-promise-native  >=1.0.0
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-core
    node_modules/request-promise-native

15 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

$ npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating jest to 29.5.0, which is a SemVer major change.

added 37 packages, removed 272 packages, changed 89 packages, and audited 688 packages in 8s

63 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

@jcfr jcfr merged commit cd844a2 into swinton:main Aug 11, 2023
@jcfr jcfr deleted the update-npm-dependencies branch August 11, 2023 20:41