I tried to run this with npm audit fix --force
... but I got errors about changes and updates.
This is the output I got with these errors:
npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating gulp-jade to 0.1.0,which is a SemVer major change.
npm WARN audit Updating gulp-mocha to 7.0.2,which is a SemVer major change.
npm WARN audit Updating gulp to 3.9.1,which is a SemVer major change.
npm WARN audit Updating gulp-zip to 4.2.0,which is a SemVer major change.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/gulp
npm WARN dev gulp@"3.9.1" from the root project
npm WARN
npm WARN Could not resolve dependency:
npm WARN peerOptional gulp@">=4" from [email protected]
npm WARN node_modules/gulp-mocha
npm WARN dev gulp-mocha@"7.0.2" from the root project
npm WARN
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/gulp
npm WARN peerOptional gulp@">=4" from [email protected]
npm WARN node_modules/gulp-mocha
npm WARN dev gulp-mocha@"7.0.2" from the root project
npm WARN deprecated [email protected]: This module relies on Node.js's internals and will break at some point. Do not use it, and update to [email protected].
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated [email protected]: Please update to at least constantinople 3.1.1
npm WARN deprecated [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated [email protected]: Jade has been renamed to pug, please install the latest version of pug instead of jade
npm WARN deprecated [email protected]: Deprecated, use jstransformer
added 142 packages, removed 179 packages, changed 56 packages, and audited 1539 packages in 22s
141 packages are looking for funding
run `npm fund` for details
# npm audit report
constantinople <=3.1.0
Severity: critical
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople - https://github.com/advisories/GHSA-4vmm-mhcq-4x9j
Depends on vulnerable versions of uglify-js
No fix available
node_modules/constantinople
jade >=0.30.0
Depends on vulnerable versions of constantinople
Depends on vulnerable versions of transformers
Depends on vulnerable versions of with
node_modules/jade
gulp-jade *
Depends on vulnerable versions of jade
node_modules/gulp-jade
lodash <=4.17.20
Severity: critical
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix`
node_modules/globule/node_modules/lodash
globule <=1.1.0
Depends on vulnerable versions of lodash
Depends on vulnerable versions of minimatch
node_modules/globule
gaze 0.4.0 - 1.0.0
Depends on vulnerable versions of globule
node_modules/gaze
glob-watcher <=2.0.0
Depends on vulnerable versions of gaze
node_modules/glob-watcher
lodash.template <4.5.0
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/lodash.template
gulp-util >=1.1.0
Depends on vulnerable versions of lodash.template
node_modules/gulp/node_modules/gulp-util
gulp 2.6.1 - 3.9.1
Depends on vulnerable versions of gulp-util
Depends on vulnerable versions of vinyl-fs
node_modules/gulp
minimatch <3.0.2
Severity: high
Regular Expression Denial of Service in minimatch - https://github.com/advisories/GHSA-hxm2-r34f-qmc5
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/glob-stream/node_modules/minimatch
node_modules/globule/node_modules/minimatch
glob 3.0.0 - 5.0.14
Depends on vulnerable versions of minimatch
node_modules/glob-stream/node_modules/glob
node_modules/globule/node_modules/glob
glob-stream 0.2.0 - 5.2.0
Depends on vulnerable versions of glob
Depends on vulnerable versions of minimatch
node_modules/glob-stream
vinyl-fs <=1.0.0
Depends on vulnerable versions of glob-stream
node_modules/vinyl-fs
gulp 2.6.1 - 3.9.1
Depends on vulnerable versions of gulp-util
Depends on vulnerable versions of vinyl-fs
node_modules/gulp
globule <=1.1.0
Depends on vulnerable versions of lodash
Depends on vulnerable versions of minimatch
node_modules/globule
gaze 0.4.0 - 1.0.0
Depends on vulnerable versions of globule
node_modules/gaze
glob-watcher <=2.0.0
Depends on vulnerable versions of gaze
node_modules/glob-watcher
uglify-js <=2.5.0
Severity: critical
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js - https://github.com/advisories/GHSA-34r7-q49f-h37c
Regular Expression Denial of Service in uglify-js - https://github.com/advisories/GHSA-c9f4-xj24-8jqx
No fix available
node_modules/transformers/node_modules/uglify-js
node_modules/uglify-js
node_modules/with/node_modules/uglify-js
constantinople <=3.1.0
Depends on vulnerable versions of uglify-js
node_modules/constantinople
jade >=0.30.0
Depends on vulnerable versions of constantinople
Depends on vulnerable versions of transformers
Depends on vulnerable versions of with
node_modules/jade
gulp-jade *
Depends on vulnerable versions of jade
node_modules/gulp-jade
transformers 2.0.0 - 3.0.1
Depends on vulnerable versions of uglify-js
node_modules/transformers
with 1.1.0 - 2.0.0
Depends on vulnerable versions of uglify-js
node_modules/with
17 vulnerabilities (7 high, 10 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.