This repository has been archived by the owner on Mar 18, 2024. It is now read-only.

sfpowerscript has a number of deprecated dependences #1366

Closed
pogilvieCB opened this issue Jul 24, 2023 · 3 comments

Comments

@pogilvieCB

Describe the bug
We're concerned about the deprecated dependencies with critical security issues.

To Reproduce
npm install -g @dxatscale/sfpowerscripts
npm WARN deprecated [email protected]: The library contains critical security issues and should not be used for production! The maintenance of the project has been discontinued. Consider migrating your code to isolated-vm.
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: request-promise-native has been deprecated because it extends the now deprecated request package, see request/request#3142
npm WARN deprecated [email protected]: request has been deprecated, see request/request#3142
npm WARN deprecated @oclif/[email protected]: Deprecated in favor of @oclif/core
npm WARN deprecated [email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm WARN deprecated [email protected]: < 19.4.0 is no longer supported
npm WARN deprecated @salesforce/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

Expected behavior
A clear and concise description of what you expected to happen.
no critical warnings on install

Screenshots
If applicable, add screenshots to help explain your problem.

Platform Details (please complete the following information):

  • OS: macOS
  • Version [e.g. CLI Version eg: 1.6.6] 22.6.1
  • Salesforce CLI(sfdx cli) Version:
  • CI Platform: GH Actions.

Additional context
Add any other context about the problem here.

@github-actions github-actions bot added the analysis To be decided on how to solution/fix label Jul 24, 2023
@azlam-abdulsalam
Contributor

@pogilvieCB Most of these are dependencies of salesforce libs and will be updated as part of this work item #1338

It's scheduled for this release, but very time-consuming, as a lot of APIs are no longer compatible.

That being said, the risk profile is too low, as sfpowerscripts is not used as a web service with no inbound connection.

@pogilvieCB
Author

@azlam-abdulsalam Good news on the upcoming update. Thank you!

@azlam-abdulsalam
Contributor

This has now been resolved in main, and is undergoing testing.

@azlam-abdulsalam azlam-abdulsalam added dependencies Pull requests that update a dependency file and removed analysis To be decided on how to solution/fix labels Aug 15, 2023
@azlam-abdulsalam azlam-abdulsalam self-assigned this Aug 15, 2023
@azlam-abdulsalam azlam-abdulsalam added this to the July 23 milestone Aug 15, 2023