Skip to content
This repository was archived by the owner on Sep 20, 2021. It is now read-only.

customer-portal: npm deprecation errors and warnings #44

Open
ghost opened this issue Oct 30, 2018 · 5 comments
Open

customer-portal: npm deprecation errors and warnings #44

ghost opened this issue Oct 30, 2018 · 5 comments
Assignees
@davewood
Labels
work-in-progress
Milestone
Medium priority 2...

Comments

@ghost
Copy link

ghost commented Oct 30, 2018 

cp-server@cp-aec:~/customer-portal$ https_proxy=http://proxy.cert.at:8080 npm install
npm WARN deprecated [email protected]: Deprecated
npm WARN engine [email protected]: wanted: {"node":">= 4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">= 0.12.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN deprecated [email protected]: We don't recommend using Bower for new projects. Please consider Yarn and Webpack or Parcel. You can read how to migrate legacy project here: https://bower.io/blog/2017/how-to-migrate-away-from-bower/
npm WARN engine [email protected]: wanted: {"node":">=0.10.0","npm":">=2.1.5"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN deprecated [email protected]: connect 2.x series is deprecated
npm WARN engine [email protected]: wanted: {"node":">= 4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated [email protected]: We don't recommend using Bower for new projects. Please consider Yarn and Webpack or Parcel. You can read how to migrate legacy project here: https://bower.io/blog/2017/how-to-migrate-away-from-bower/
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated [email protected]: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm WARN deprecated [email protected]: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated [email protected]: Browserslist 2 could fail on reading Browserslist >3.0 config used in other tools.
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN engine [email protected]: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">= 0.12"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN optional dep failed, continuing [email protected]
npm WARN engine [email protected]: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4.0.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=0.12"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=0.12"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">= 4.5.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN deprecated [email protected]: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated [email protected]: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
npm WARN deprecated [email protected]: this package has been reintegrated into npm and is now out of date with respect to npm
npm WARN deprecated [email protected]: Use uuid module instead
npm WARN engine [email protected]: wanted: {"node":">=6"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: The major version is no longer supported. Please update to 4.x or newer
npm WARN engine [email protected]: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"iojs":">= 1.0.0","node":">= 0.12.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
[...]

cp-server@cp-aec:~/customer-portal$ https_proxy=http://proxy.cert.at:8080 npm install grunt-cli
npm WARN engine [email protected]: wanted: {"node":">=4"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=0.12"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">=0.12"} (current: {"node":"0.10.29","npm":"1.4.21"})
npm WARN engine [email protected]: wanted: {"node":">= 4.5.0"} (current: {"node":"0.10.29","npm":"1.4.21"})
[email protected] node_modules/grunt-cli
├── [email protected]
├── [email protected]
├── [email protected] ([email protected])
├── [email protected] ([email protected], [email protected])
└── [email protected] ([email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected])
cp-server@cp-aec:~/customer-portal$ https_proxy=http://proxy.cert.at:8080 npm install bower
npm WARN deprecated [email protected]: We don't recommend using Bower for new projects. Please consider Yarn and Webpack or Parcel. You can read how to migrate legacy project here: https://bower.io/blog/2017/how-to-migrate-away-from-bower/
[email protected] node_modules/bower
@davewood
Copy link
Contributor

found 102 vulnerabilities (51 low, 31 moderate, 20 high) in 9674 scanned packages
run npm audit fix to fix 1 of them.
97 vulnerabilities require semver-major dependency updates.
4 vulnerabilities require manual review. See the full report for details.

grunt 1.0.4

found 83 vulnerabilities (46 low, 20 moderate, 17 high) in 9869 scanned packages
run npm audit fix to fix 1 of them.
78 vulnerabilities require semver-major dependency updates.
4 vulnerabilities require manual review. See the full report for details.

npm WARN deprecated [email protected]: We don't recommend using Bower for new projects. Please consider Yarn and Webpack or Parcel. You can read how to migrate legacy project here: https://bower.io/blog/2017/how-to-migrate-away-from-bower/
npm WARN [email protected] requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of grunt@~0.4.2 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of grunt@~0.4.1 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of grunt@~0.4.0 but none is installed. You must install peer dependencies yourself.

found 82 vulnerabilities (45 low, 20 moderate, 17 high) in 10839 scanned packages
78 vulnerabilities require semver-major dependency updates.
4 vulnerabilities require manual review. See the full report for details.

"grunt-jscs": "^3.0.1",

found 85 vulnerabilities (47 low, 23 moderate, 15 high) in 10884 scanned packages
72 vulnerabilities require semver-major dependency updates.
13 vulnerabilities require manual review. See the full report for details.

grunt-contrib-watch": "^1.1.0

found 76 vulnerabilities (44 low, 21 moderate, 11 high) in 10906 scanned packages
63 vulnerabilities require semver-major dependency updates.
13 vulnerabilities require manual review. See the full report for details.

grunt-svgmin": "^5.0.0 (6.0.0 ui-tests dont pass)

found 75 vulnerabilities (44 low, 20 moderate, 11 high) in 10906 scanned packages
62 vulnerabilities require semver-major dependency updates.
13 vulnerabilities require manual review. See the full report for details.

"grunt-contrib-uglify": "^4.0.1",

found 72 vulnerabilities (42 low, 19 moderate, 11 high) in 10812 scanned packages
59 vulnerabilities require semver-major dependency updates.
13 vulnerabilities require manual review. See the full report for details.

grunt-contrib-htmlmin": "^3.0.0

found 68 vulnerabilities (39 low, 19 moderate, 10 high) in 10676 scanned packages
55 vulnerabilities require semver-major dependency updates.
13 vulnerabilities require manual review. See the full report for details.

"grunt-contrib-jshint": "^2.1.0",

found 63 vulnerabilities (37 low, 18 moderate, 8 high) in 10692 scanned packages
50 vulnerabilities require semver-major dependency updates.
13 vulnerabilities require manual review. See the full report for details.

@davewood
Copy link
Contributor

davewood commented Apr 1, 2019

grunt-contrib-imagemin": "^3.1.0

found 40 vulnerabilities (21 low, 11 moderate, 8 high) in 5469 scanned packages
27 vulnerabilities require semver-major dependency updates.
13 vulnerabilities require manual review. See the full report for details.

grunt-contrib-connect": "^2.0.0

portal-frontend         | Running "watch" task
portal-frontend         | Waiting...
portal-frontend         | (node:16) UnhandledPromiseRejectionWarning: Error: Exited with code 3
portal-frontend         |     at ChildProcess.cp.once.code (/home/cert/customer-portal/node_modules/opn/index.js:85:13)
portal-frontend         |     at Object.onceWrapper (events.js:317:30)
portal-frontend         |     at emitTwo (events.js:126:13)
portal-frontend         |     at ChildProcess.emit (events.js:214:7)
portal-frontend         |     at maybeClose (internal/child_process.js:915:16)
portal-frontend         |     at Socket.stream.socket.on (internal/child_process.js:336:11)
portal-frontend         |     at emitOne (events.js:116:13)
portal-frontend         |     at Socket.emit (events.js:211:7)
portal-frontend         |     at Pipe._handle.close [as _onclose] (net.js:561:12)
portal-frontend         |
portal-frontend         | (node:16) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
portal-frontend         | (node:16) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

found 23 vulnerabilities (12 low, 9 moderate, 2 high) in 5440 scanned packages
10 vulnerabilities require semver-major dependency updates.
13 vulnerabilities require manual review. See the full report for details.

grunt-angular-templates": "^1.1.0

found 20 vulnerabilities (10 low, 9 moderate, 1 high) in 5465 scanned packages
6 vulnerabilities require semver-major dependency updates.
14 vulnerabilities require manual review. See the full report for details.

grunt-ng-annotate": "^3.0.0

found 18 vulnerabilities (9 low, 8 moderate, 1 high) in 5464 scanned packages
4 vulnerabilities require semver-major dependency updates.
14 vulnerabilities require manual review. See the full report for details.

@davewood
Copy link
Contributor

davewood commented Apr 1, 2019

grunt-wiredep": "^3.0.1

found 15 vulnerabilities (8 low, 7 moderate) in 5475 scanned packages
1 vulnerability requires semver-major dependency updates.
14 vulnerabilities require manual review. See the full report for details.

grunt-contrib-cssmin": "^3.0.0

found 14 vulnerabilities (7 low, 7 moderate) in 5386 scanned packages
14 vulnerabilities require manual review. See the full report for details.

@ghost ghost added the work-in-progress label May 6, 2019
@ghost
Copy link
Author

ghost commented Jun 3, 2019

Current:

found 17 vulnerabilities (7 low, 8 moderate, 2 high)
  run `npm audit fix` to fix them, or `npm audit` for details

@certrik
Copy link

certrik commented Jan 7, 2020

@davewood if easily fixed please stay on track resolving security issues.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@davewood davewood

Labels
work-in-progress
Projects
None yet
Milestone
Medium priority 200107
Development

No branches or pull requests
2 participants
@davewood @certrik