Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Lots of vulnerabilities, including 15 critical #1561

Open
henhal opened this issue Oct 28, 2024 · 1 comment
Open

[BUG] Lots of vulnerabilities, including 15 critical #1561

henhal opened this issue Oct 28, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@henhal
Copy link

henhal commented Oct 28, 2024

Describe the bug.

Lots of vulnerabilities in dependencies.
As soon as I added @asyncapi/cli to my project, I got this audit report:

24 vulnerabilities (7 moderate, 2 high, 15 critical)

Attempting to use npm audit fix results in a flood of warnings, and even worse results than before.

$ npm audit fix

npm warn deprecated [email protected]: This functionality has been moved to @npmcli/fs
npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated [email protected]: This package is no longer supported. Please use @npmcli/package-json instead.
npm warn deprecated @npmcli/[email protected]: This functionality has been moved to @npmcli/fs
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Use your platform's native atob() and btoa() methods instead
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Use your platform's native DOMException instead
npm warn deprecated [email protected]: Use your platform's native performance.now() and performance.timeOrigin.
npm warn deprecated [email protected]: Please use @jridgewell/sourcemap-codec instead
npm warn deprecated [email protected]: Removed event-stream from gulp-header
npm warn deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated @oclif/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/object-schema instead
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/config-array instead
npm warn deprecated [email protected]: CoffeeScript on NPM has moved to "coffeescript" (no hyphen)
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/config-array instead
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/object-schema instead
npm warn deprecated @hyperjump/[email protected]: This package was rolled into @hyperjump/json-schema as of v1.0.0
npm warn deprecated [email protected]: This version is no longer supported. Please see https://eslint.org/version-support for other options.
npm warn deprecated [email protected]: This version is no longer supported. Please see https://eslint.org/version-support for other options.

<... snip ...>
32 vulnerabilities (4 moderate, 2 high, 26 critical)


### Expected behavior

Should have no known vulnerabilities in package-lock

### Screenshots

![Screenshot 2024-10-28 at 16 41 50](https://github.com/user-attachments/assets/38f6ade8-aa57-45d2-9145-29fe5d5362e0)


### How to Reproduce

Clone git
$ npm audit

24 vulnerabilities (7 moderate, 2 high, 15 critical)

### 🥦 Browser

None

### 👀 Have you checked for similar open issues?

- [X] I checked and didn't find similar issue

### 🏢 Have you read the Contributing Guidelines?

- [X] I have read the [Contributing Guidelines](https://github.com/asyncapi/.github/blob/master/CONTRIBUTING.md)

### Are you willing to work on this issue ?

No, someone else can work on it
@henhal henhal added the bug Something isn't working label Oct 28, 2024
Copy link
Contributor

Welcome to AsyncAPI. Thanks a lot for reporting your first issue. Please check out our contributors guide and the instructions about a basic recommended setup useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Status: To Triage
Development

No branches or pull requests

1 participant