Cloudron CLI : warning on update

      timconsidine (App Dev) wrote (#1):

      Just updated my Cloudron CLI install and saw this:

      $ npm install -g cloudron@4.15.3
      
      added 2 packages, removed 1 package, changed 115 packages, and audited 118 packages in 6s
      
      1 high severity vulnerability
      

      Does it matter? Is it really a high severity vulnerability?

        nebulon (Staff) wrote (#2):

        Generally, since this is just a command-line tool, those warnings mostly do not apply at all. Those affected modules are in this case not used in any daemon or code exposed to the public. We still update dependencies of course accordingly where we see fit.

          timconsidine (App Dev) wrote (#3):

          @nebulon 👍 no rush, no problem

            girish (Staff) wrote (#4):

            See https://overreacted.io/npm-audit-broken-by-design/ and https://news.ycombinator.com/item?id=27761334 on this topic.

              micmc wrote (#5):
              @timconsidine said in Cloudron CLI : warning on update:

              @nebulon 👍 no rush, no problem

              I too get the same thing, but then try 'npm audit'; you should see "found 0 vulnerabilities". 🙂

              Ignorance is not an excuse anymore!
              https://AutomateKit.com
