[Bug] Warnings of deprecation and vulnerabilities on step 5 - Deploy #74

Open
@rffontenelle

Summary

In Step 5: Deploy to a production environment based on labels, when running the deploy-prod.yml workflow, the npm install and build webpack step from build job emits several warnings of deprecation and vulnerabilities for the dependencies of the webpack used in the exercise.

How to reproduce

  1. Get to the Step 5: Deploy to a production environment based on labels
  2. Follow instructions Activities 1 and then Activities 2
  3. Once the PR is merged into main, deploy-prod.yml workflow will be triggered
  4. Browse the logs for this workflow run, check build job, npm install and build webpack step
  5. See warnings in the log

Click here to show the text of the warning shown in the image below

npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated [email protected]: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated [email protected]: This version of 'buffer' is out-of-date. You must update to v4.9.2 or newer
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)

added 1680 packages, and audited 1681 packages in 13s

47 packages are looking for funding
run npm fund for details

12 vulnerabilities (1 low, 3 moderate, 8 high)

To address issues that do not require attention, run:
npm audit fix

To address all issues (including breaking changes), run:
npm audit fix --force

Run npm audit for details.

image

Additional context

Reference of the latest commit from this repository in which I did my exercise: 02e588b
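
The log above can be triaged mechanically. The following is an added example, not part of the original issue or the exercise repository: a Node.js sketch that reads an `npm install` log, counts distinct deprecation warnings, and decides whether the audit summary should fail a build at a chosen severity. The function names and the sample log are assumptions made for illustration; the sample assumes log lines without timestamp prefixes and uses placeholder package names.

```javascript
// Added example: sample log is constructed; package names are placeholders.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

const SAMPLE_LOG = [
  'npm WARN deprecated example-debug@4.1.1: low-severity ReDoS regression, upgrade advised',
  'npm WARN deprecated example-watcher@2.1.8: no security updates since 2019',
  'npm WARN deprecated example-debug@4.1.1: low-severity ReDoS regression, upgrade advised',
  '',
  'added 1680 packages, and audited 1681 packages in 13s',
  '',
  '12 vulnerabilities (1 low, 3 moderate, 8 high)',
].join('\n');

// Collect "npm WARN deprecated <name>@<version>: <message>" lines, de-duplicated.
function parseDeprecations(log) {
  const re = /^npm WARN deprecated (\S+)@([^\s:@]+): (.*)$/gm;
  const seen = new Map();
  for (const [, name, version, message] of log.matchAll(re)) {
    seen.set(`${name}@${version}`, { name, version, message });
  }
  return [...seen.values()];
}

// Read the audit summary: either the per-severity breakdown, or the
// "<n> <severity> severity vulnerabilities" wording used for a single severity.
function parseAuditSummary(log) {
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  const mixed = log.match(/^(\d+) vulnerabilit(?:y|ies) \(([^)]*)\)/m);
  const single = log.match(/^(\d+) (\w+) severity vulnerabilit(?:y|ies)/m);
  if (mixed) {
    for (const part of mixed[2].split(',')) {
      const [n, sev] = part.trim().split(/\s+/);
      if (sev in counts) counts[sev] = Number(n);
    }
    return { total: Number(mixed[1]), counts };
  }
  if (single && single[2] in counts) counts[single[2]] = Number(single[1]);
  return { total: single ? Number(single[1]) : 0, counts };
}

// Decide whether the build should fail at the given severity threshold.
function gate(log, failAt = 'high') {
  const threshold = SEVERITIES.indexOf(failAt);
  if (threshold < 0) throw new Error(`unknown severity: ${failAt}`);
  const { total, counts } = parseAuditSummary(log);
  const blocking = SEVERITIES.slice(threshold).reduce((n, s) => n + counts[s], 0);
  return { total, blocking, deprecated: parseDeprecations(log).length, fail: blocking > 0 };
}

console.log(gate(SAMPLE_LOG));
```

Inside a workflow, `npm audit --audit-level=high` gives the same pass/fail decision directly from npm's exit code; parsing the log is useful when only the saved run output is available.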

Labels: bug (Something isn't working), needs engineering (Requires engineering-specific changes only.)