Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum
Apps | Demo | Docs | Install

Cloudron CLI : warning on update

Scheduled Pinned Locked Moved App Packaging & Development
5 Posts 4 Posters 146 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • timconsidineT Offline
    timconsidineT Offline
    timconsidine App Dev
    wrote on last edited by
    #1

    Just updated my Cloudron CLI install and saw this :

    $ npm install -g cloudron@4.15.3

added 2 packages, removed 1 package, changed 115 packages, and audited 118 packages in 6s

1 high severity vulnerability

    Does it matter ? Is it really a high severity vulnerability ?

    1 Reply Last reply
    0
  • nebulonN Offline
    nebulonN Offline
    nebulon Staff
    wrote on last edited by
    #2

    Generally since this is just a commandline tool, those warnings mostly do not apply at all. Those affected modules are in this case not used in any daemon or code exposed to the public. We still update dependencies of course accordingly where we see fit.

    timconsidineT 1 Reply Last reply
    1
  • timconsidineT Offline
    timconsidineT Offline
    timconsidine App Dev
    replied to nebulon on last edited by
    #3

    @nebulon 👍 no rush, no problem

    micmcM 1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #4

    See https://overreacted.io/npm-audit-broken-by-design/ and https://news.ycombinator.com/item?id=27761334 on this topic.

    1 Reply Last reply
    2
  • micmcM Offline
    micmcM Offline
    micmc
    replied to timconsidine on last edited by
    #5

    @timconsidine said in Cloudron CLI : warning on update:

    @nebulon 👍 no rush, no problem

    Try I too get the same thing, but then try 'npm audit' you should see "found 0 vulnerabilities". 🙂

    https://marketingtechnology.agency
    For cutting edge web technologies

    1 Reply Last reply
    1

  • Login
  • Don't have an account? Register
  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login
  • Don't have an account? Register
  • Login or register to search.