Cloudron CLI : warning on update
-
Just updated my Cloudron CLI install and saw this :
$ npm install -g cloudron@4.15.3
added 2 packages, removed 1 package, changed 115 packages, and audited 118 packages in 6s
1 high severity vulnerability

Does it matter? Is it really a high severity vulnerability?
-
Generally since this is just a commandline tool, those warnings mostly do not apply at all. Those affected modules are in this case not used in any daemon or code exposed to the public. We still update dependencies of course accordingly where we see fit.
-
See https://overreacted.io/npm-audit-broken-by-design/ and https://news.ycombinator.com/item?id=27761334 on this topic.
-
@nebulon
no rush, no problem
-
@timconsidine said in Cloudron CLI : warning on update:
> @nebulon
> no rush, no problem

Try I too get the same thing, but then try 'npm audit' you should see "found 0 vulnerabilities".
