For AWS-SDK, uuid package out of date may cause problems with random numbers #3943

Closed
3 tasks done
ConzumexGame opened this issue Nov 6, 2021 · 9 comments
Labels
bug This issue is a bug.

Comments

ConzumexGame commented Nov 6, 2021

Confirm by changing [ ] to [x] below to ensure that it's a bug:

Describe the bug
I get several warnings when installing the aws-sdk package using npm. It is complaining about the version of uuid used, which is significantly behind the current version. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.

Is the issue in the browser/Node.js?
Browser/Node.js

If on Node.js, are you running this on AWS Lambda?

Details of the browser/Node.js version
v16.13.0

SDK version number
[email protected]

To Reproduce (observed behavior)
npm i aws-sdk

Expected behavior
No warnings


@ConzumexGame ConzumexGame added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 6, 2021
@ajredniwja ajredniwja self-assigned this Nov 8, 2021
@ajredniwja
Contributor

Hey @ConzumexGame thanks for bringing this up, can you please share what warnings you get?

@ajredniwja ajredniwja added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Nov 22, 2021
@github-actions

This issue has not received a response in 1 week. If you still think there is a problem, please leave a comment to avoid the issue from automatically closing.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Nov 28, 2021
SchmitzChristian commented Nov 30, 2021

Hi @ajredniwja, this is what I get:

[email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See #https://v8.dev/blog/math-random for details.

This should be the same problem as discussed here:

#3812

@purejgleason

Same issue here, problem is...

"uuid": "3.3.2",

@purejgleason

Also getting

[email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.

Thanks to the dep on url...

 "url": "0.10.3",

Should be 0.11.0

@github-actions github-actions bot removed closing-soon This issue will automatically close in 4 days unless further comments are made. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. labels Dec 1, 2021
robahtou commented Mar 2, 2022

Any updates on this? Getting the same warnings

npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.  
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.

ezequiel454 commented Mar 18, 2022

I will follow this thread with same errors

```
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
```

@jeremychone

I really hope this can be fixed soon.

Now, uuid is at version > 8.x, and having such an old deprecated version in our builds is worrisome and makes our security team nervous.

AWS-SDK team, your library is great, and we use it for big enterprise applications with high compliance requirements, but this issue has been a problem in our context.
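
A lockfile check for the concern raised above, as an added example that is not part of the thread or the AWS SDK project: it scans a constructed `package-lock.json` (lockfileVersion 2/3) for installed `uuid` copies below major version 7 and reports which package each copy is nested under. The `demo-app` project, the aws-sdk version string and the function names are assumptions.

```javascript
// Added example: find installed copies of a package below a minimum major
// version in an npm lockfile (lockfileVersion 2/3 "packages" layout).

// Constructed sample lockfile. The aws-sdk version is a placeholder; the
// uuid 3.3.2 and url 0.10.3 pins are the ones quoted in the thread.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", dependencies: { "aws-sdk": "*", uuid: "^8.3.2" } },
    "node_modules/aws-sdk": {
      version: "0.0.0-placeholder",
      dependencies: { uuid: "3.3.2", url: "0.10.3" },
    },
    "node_modules/aws-sdk/node_modules/uuid": { version: "3.3.2" },
    "node_modules/url": { version: "0.10.3" },
    "node_modules/uuid": { version: "8.3.2" },
  },
};

// "node_modules/a/node_modules/@s/b" -> { name: "@s/b", nestedUnder: "a" }
function parseInstallPath(installPath) {
  const marker = "node_modules/";
  const idx = installPath.lastIndexOf(marker);
  if (idx === -1) return null; // root project or workspace folder
  const name = installPath.slice(idx + marker.length);
  const parentPath = installPath.slice(0, idx).replace(/\/$/, "");
  const parent = parentPath ? parseInstallPath(parentPath) : null;
  const nestedUnder = parent ? parent.name : parentPath || "(top level)";
  return { name, nestedUnder };
}

function findOutdated(lock, name, minMajor) {
  if (!lock.packages) throw new Error("lockfileVersion 2 or 3 required");
  const findings = [];
  for (const [installPath, meta] of Object.entries(lock.packages)) {
    const parsed = parseInstallPath(installPath);
    if (!parsed || parsed.name !== name || !meta.version) continue;
    const major = Number.parseInt(meta.version.split(".")[0], 10);
    // Fail closed: a version that does not parse is reported too.
    if (Number.isNaN(major) || major < minMajor) {
      const { nestedUnder } = parsed;
      findings.push({ path: installPath, version: meta.version, nestedUnder });
    }
  }
  return findings;
}

// The deprecation notice asks for uuid 7 or higher.
console.log(findOutdated(sampleLock, "uuid", 7));
```

The project's own uuid 8.3.2 at the top level passes, while the copy nested under aws-sdk is reported, which is why upgrading the direct dependency alone does not silence the warning.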

@ajredniwja
Contributor

Closing this issue now. #3924
