Posted to commits@cordova.apache.org by GitBox <gi...@apache.org> on 2022/11/02 14:37:05 UTC

[GitHub] [cordova] Likhi1111 opened a new issue, #349: Cordova installation displaying warning

Likhi1111 opened a new issue, #349:
URL: https://github.com/apache/cordova/issues/349

   
   ### Issue Type
   
   - [ ] Bug Report
   - [ ] Feature Request
   - [x] Support Question
   
   ## Description
   Showing some warnings while installing Cordova
   
   ## Information
   
   
   ### Command or Code
   
   ### Environment, Platform, Device
   
   ```
   npm WARN deprecated har-validator@5.1.5: this library is no longer supported
   npm WARN deprecated stringify-package@1.0.1: This module is not used anymore, and has been replaced by @npmcli/package-json
   npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
   npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
   
   added 489 packages, and audited 490 packages in 36s
   
   52 packages are looking for funding
     run `npm fund` for details
   
   4 moderate severity vulnerabilities
   
   To address all issues (including breaking changes), run:
     npm audit fix --force
   
   Run `npm audit` for details.
   ```
   
   ### Version information
   
   
   
   ## Checklist
   
   - [x] I searched for already existing GitHub issues about this
   - [x] I updated all Cordova tooling to their most recent version
   - [x] I included all the necessary information above
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org


[GitHub] [cordova] breautek commented on issue #349: Cordova installation displaying warning

Posted by GitBox <gi...@apache.org>.
breautek commented on issue #349:
URL: https://github.com/apache/cordova/issues/349#issuecomment-1300690548

   A fresh install shows different results (`npm install -g cordova` may not be a fresh install if you had an older version previously installed):
   
   ```
   npm install cordova
   npm WARN deprecated har-validator@5.1.5: this library is no longer supported
   npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
   
   added 489 packages, and audited 490 packages in 1m
   
   52 packages are looking for funding
     run `npm fund` for details
   
   5 moderate severity vulnerabilities
   
   To address all issues, run:
     npm audit fix
   
   Run `npm audit` for details.
   ```
   
   You can use `npm -g upgrade cordova` to upgrade global packages. The difference between `upgrade` and `install` is that `install` will update the main package, but may not recursively update its dependencies or child dependencies if the version is already satisfactory, whereas `upgrade` will upgrade all of the package's dependencies and child dependencies recursively to the latest version available that satisfies their declared semver version.
   
   This will resolve the deprecation warnings received for `uuid` and `stringify-package`.
   
   Nonetheless, there are still 2 active deprecations used, which are: `har-validator` and `request`
   
   ```
   npm ls har-validator
   cdvtest@1.0.0 /home/norman/test/cdvtest
   └─┬ cordova@11.0.0
     └─┬ insight@0.11.1
       └─┬ request@2.88.2
         └── har-validator@5.1.5
   ```
   
   As you can see, `har-validator` is used by `request`, so...
   
   ```
   npm ls request
   cdvtest@1.0.0 /home/norman/test/cdvtest
   └─┬ cordova@11.0.0
     ├─┬ cordova-create@4.0.0
     │ └─┬ cordova-fetch@3.0.1
     │   └─┬ pacote@11.3.5
     │     └─┬ @npmcli/run-script@1.8.6
     │       └─┬ node-gyp@7.1.2
     │         └── request@2.88.2 deduped
     └─┬ insight@0.11.1
       └── request@2.88.2
   ```
   
   There are 2 sub-dependencies that Cordova depends on that are including this dependency: `pacote`, which is part of [NPM's codebase](https://www.npmjs.com/package/pacote), and `insight`. Pacote may need to wait for NodeJS's package [node-gyp](https://www.npmjs.com/package/node-gyp) to update first. There isn't anything Cordova can do directly to resolve these deprecation warnings. While these packages are deprecated, they should work as is for the foreseeable future. Therefore I think it's fine to wait for updates of the underlying packages for the time being.
   
   As for the reported vulnerabilities, they are from the `update-notifier` package. There are ways to forcefully force cordova to use a different version, such as version `6.x` of `update-notifier`, which resolves the moderate vulnerabilities; however, 6.x includes breaking changes that, in a simple test, cause Cordova not to work properly. You can use `npm audit` to find more information on the vulnerabilities to determine the severity for you.


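The dependency tracing done by hand with `npm ls` in the comment above can be scripted against the JSON that `npm ls --all --json` prints, to report which packages directly under `cordova` pull in a deprecated module. This is an added example, not part of the original thread or of Cordova's code; the embedded tree is constructed from the `npm ls` output quoted above, and the function names `findChains` and `introducers` are hypothetical.

```javascript
// Added example: trace every dependency chain that leads to a given package,
// using the object shape printed by `npm ls --all --json`.

// Constructed sample mirroring the `npm ls` trees quoted in the thread.
const sampleTree = {
  name: "cdvtest", version: "1.0.0",
  dependencies: {
    cordova: { version: "11.0.0", dependencies: {
      "cordova-create": { version: "4.0.0", dependencies: {
        "cordova-fetch": { version: "3.0.1", dependencies: {
          pacote: { version: "11.3.5", dependencies: {
            "@npmcli/run-script": { version: "1.8.6", dependencies: {
              "node-gyp": { version: "7.1.2", dependencies: {
                request: { version: "2.88.2" } } } } } } } } } } }, // deduped leaf
      insight: { version: "0.11.1", dependencies: {
        request: { version: "2.88.2", dependencies: {
          "har-validator": { version: "5.1.5" } } } } } } }
  }
};

// Depth-first walk; returns one array of "name@version" strings per chain.
function findChains(node, target, trail = [`${node.name}@${node.version}`]) {
  const chains = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const next = [...trail, `${name}@${dep.version}`];
    if (name === target) chains.push(next);
    chains.push(...findChains(dep, target, next));
  }
  return chains;
}

// Collect the package found `depth` levels below the project root on each
// chain. Depth 2 = direct dependencies of cordova, i.e. the packages that
// would have to update before the deprecated module disappears.
function introducers(tree, target, depth = 2) {
  const owners = new Set();
  for (const chain of findChains(tree, target)) {
    if (chain.length > depth) owners.add(chain[depth]);
  }
  return [...owners].sort();
}

for (const pkg of ["request", "har-validator"]) {
  console.log(pkg, "<-", introducers(sampleTree, pkg).join(", "));
  for (const c of findChains(sampleTree, pkg)) console.log("  " + c.join(" > "));
}
```
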