building warnings / criticals etc. · hackmdio/codimd#1907

(2 comments) (0 reactions) (0 assignees)JavaScript (8,949 stars) (1,038 forks)batch import

good first issue

Description

Am I doing something wrong, or is just normal for this project? Second question I have, I was wondering what is the minimum disk usage for this. I am looking for something lite (migrating from https://github.com/ether/etherpad-lite (which they should rename to etherpad-fat))

npm warn EBADENGINE Unsupported engine {
npm warn EBADENGINE   package: 'codimd@2.5.3',
npm warn EBADENGINE   required: { node: '>=14.0.0 <17.0.0' },
npm warn EBADENGINE   current: { node: 'v21.7.3', npm: '10.9.1' }
npm warn EBADENGINE }
npm warn deprecated xmldom@0.1.31: Deprecated due to CVE-2021-21366 resolved in 0.5.0
npm warn deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm warn deprecated trim@0.0.1: Use String.prototype.trim() instead
npm warn deprecated uuid@3.3.2: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm warn deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm warn deprecated stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
npm warn deprecated source-map-url@0.4.0: See https://github.com/lydell/source-map-url#deprecated
npm warn deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm warn deprecated shortid@2.2.14: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated querystring@0.2.0: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm warn deprecated passport.socketio@3.7.0: Please check the workaround in https://github.com/jfromaniello/passport.socketio/issues/148
npm warn deprecated request@2.88.0: request has been deprecated, see https://github.com/request/request/issues/3142
npm warn deprecated phantomjs-prebuilt@2.1.16: this package is now deprecated
npm warn deprecated nomnom@1.8.1: Package no longer supported. Contact support@npmjs.com for more info.
npm warn deprecated uglify-es@3.3.9: support for ECMAScript is superseded by `uglify-js` as of v3.13.0
npm warn deprecated har-validator@5.1.3: this library is no longer supported
npm warn deprecated gulp-header@1.8.12: Removed event-stream from gulp-header
npm warn deprecated figgy-pudding@3.5.1: This module is no longer supported.
npm warn deprecated html-webpack-plugin@4.0.0-beta.8: please switch to a stable version
npm warn deprecated csurf@1.11.0: Please use another csrf package
npm warn deprecated passport-saml@1.0.0: For versions >= 4, please use scopped package @node-saml/passport-saml
npm warn deprecated svgo@1.3.2: This SVGO version is no longer supported. Upgrade to v2.x.x.
npm warn deprecated @braintree/sanitize-url@3.1.0: Potential XSS vulnerability patched in v6.0.0.
npm warn deprecated @aws-sdk/util-error-constructor@0.1.0-preview.7: The package @aws-sdk/util-error-constructor was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/xml-body-builder@0.1.0-preview.7: The package @aws-sdk/xml-body-builder was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/signing-middleware@0.1.0-preview.10: The package @aws-sdk/signing-middleware was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/ssec-middleware@0.1.0-preview.8: The package @aws-sdk/ssec-middleware was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/apply-body-checksum-middleware@0.1.0-preview.8: The package @aws-sdk/apply-body-checksum-middleware was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/response-metadata-extractor@0.1.0-preview.8: The package @aws-sdk/response-metadata-extractor was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/s3-error-unmarshaller@0.1.0-preview.2: The package @aws-sdk/s3-error-unmarshaller was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/protocol-timestamp@0.1.0-preview.7: The package @aws-sdk/protocol-timestamp was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/location-constraint-middleware@0.1.0-preview.7: The package @aws-sdk/location-constraint-middleware was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/middleware-serializer@0.1.0-preview.7: The package @aws-sdk/middleware-serializer was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/is-iterable@0.1.0-preview.3: The package @aws-sdk/is-iterable was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/core-handler@0.1.0-preview.7: The package @aws-sdk/core-handler was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/stream-collector-node@0.1.0-preview.9: The package @aws-sdk/stream-collector-node was released in Developer Preview. It is no longer supported.
npm warn deprecated @aws-sdk/xml-body-parser@0.1.0-preview.9: The package @aws-sdk/xml-body-parser was released in Developer Preview. It is no longer supported.
npm warn deprecated xmldom@0.1.27: Deprecated due to CVE-2021-21366 resolved in 0.5.0
npm warn deprecated @aws-sdk/query-error-unmarshaller@0.1.0-preview.8: The package @aws-sdk/query-error-unmarshaller was released in Developer Preview. It is no longer supported.
npm warn deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm warn deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated adal-node@0.1.28: This package is no longer supported. Please migrate to @azure/msal-node.
npm warn deprecated @aws-sdk/bucket-endpoint-middleware@0.1.0-preview.7: The package @aws-sdk/bucket-endpoint-middleware was released in Developer Preview. It is no longer supported.
npm warn deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm warn deprecated debug@3.2.6: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when 

.
.
.

198 vulnerabilities (8 low, 80 moderate, 67 high, 43 critical)

Contributor guide

Tech stack: javascriptnodejs
Domain: full stack
Issue type: chore
Difficulty: 3
Estimated time: 1-3 hours
Activity status: active
Clarity: needs investigation
Prerequisites: npmbasic Node.js knowledgeunderstanding of dependency management
Newbie friendliness: 30
Research direction: Investigate the npm warnings and vulnerabilities shown in the issue. Check the project's package.json and package lock.json files to determine which dependencies are outdated and causing these warnings. Verify if the warnings are expected for the current version of CodiMD (v2.5.3) or if a comprehensive dependency update is needed. Look at the comments on the issue for any additional context, and consider proposing a step by step plan to update packages and resolve the critical vulnerabilities.