Skip to content
This repository has been archived by the owner on Jan 9, 2024. It is now read-only.

Review npm deprecation warnings #932

Closed
willdurand opened this issue Nov 16, 2021 · 3 comments
Closed

Review npm deprecation warnings #932

willdurand opened this issue Nov 16, 2021 · 3 comments

Comments

@willdurand
Copy link
Member 

npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
@willdurand
Copy link
Member Author

The 3 warnings are all related to request@2, so we should probably replace request with... node-fetch?

This was referenced Nov 16, 2021
Closed
Closed
@stale
Copy link

stale bot commented Jul 31, 2022

This issue has been automatically marked as stale because it has not had recent activity. If you think this bug should stay open, please comment on the issue with further details. Thank you for your contributions.

@stale stale bot added the state: stale label Jul 31, 2022
@lsim
Copy link

lsim commented Jun 6, 2023

This may not look particularly urgent, but many CI pipelines are failing due to this since npm audit fails for repos that publish firefox extensions.

% yarn audit                                                                                                                                                                                            23-06-06 - 10:40:51
yarn audit v1.22.19
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Server-Side Request Forgery in Request                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ request                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ web-ext                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ web-ext > sign-addon > request                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1091725                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 895
Severity: 1 Moderate

@JoshuaKGoldberg JoshuaKGoldberg mentioned this issue Nov 16, 2023
Merged
3 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@willdurand @lsim