-
Notifications
You must be signed in to change notification settings - Fork 660
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm WARN deprecated vm2@3.9.19: The library contains critical security issues #5030
Comments
The project discontinued. 9.8 CVE is very high severity (9.8 of 10) https://nvd.nist.gov/vuln/detail/CVE-2023-37466 and should be replaced by https://www.npmjs.com/package/isolated-vm I don't know the Ionic codebase but vm2 is used to "run untrusted code in Node" should be optional part of a framework. npm audit result
|
The ionic cli itself, mainly to download the starter templates when running These requests are done using the In order for superagent to support proxies it uses the A proxy server can be configured either by manually specifying proxy parameter or by a proxy autoconfigure script (PAC). A PAC is basically a Javascript script that computes the proxy parameters dynamically based on destination. PAC resolution is performed by the Older version of So, if you are in a network with an autoconfigured proxy and run If you are not using an autoconfigured proxy in your development computer, you are not at risk and may disregard the warning. |
Is there a way to reduce dependencies? A PAC proxy is edge case for dev machine. Do you think about a kind of plugin / extension? It is not so nice to have CVEs any projects because of exploitation chains. |
Description:
When I install the latest Ionic CLI, it is throwing deprecated warning and the latest version CLI is not installed
Steps to Reproduce:
RUN Below commands, per the official guide here
Other Information:
The text was updated successfully, but these errors were encountered: