Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. App Packaging & Development
  3. Cloudron CLI : warning on update

Cloudron CLI : warning on update

Scheduled Pinned Locked Moved App Packaging & Development
5 Posts 4 Posters 1.2k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • timconsidineT Offline
    timconsidineT Offline
    timconsidine
    App Dev
    wrote on last edited by
    #1

    Just updated my Cloudron CLI install and saw this :

    $ npm install -g cloudron@4.15.3

added 2 packages, removed 1 package, changed 115 packages, and audited 118 packages in 6s

1 high severity vulnerability

    Does it matter ? Is it really a high severity vulnerability ?

    1 Reply Last reply
    0
    • nebulonN Offline
      nebulonN Offline
      nebulon
      Staff
      wrote on last edited by
      #2

      Generally since this is just a commandline tool, those warnings mostly do not apply at all. Those affected modules are in this case not used in any daemon or code exposed to the public. We still update dependencies of course accordingly where we see fit.

      timconsidineT 1 Reply Last reply
      1
      • nebulonN nebulon

        Generally since this is just a commandline tool, those warnings mostly do not apply at all. Those affected modules are in this case not used in any daemon or code exposed to the public. We still update dependencies of course accordingly where we see fit.

        timconsidineT Offline
        timconsidineT Offline
        timconsidine
        App Dev
        wrote on last edited by
        #3

        @nebulon 👍 no rush, no problem

        micmcM 1 Reply Last reply
        0
        • girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by
          #4

          See https://overreacted.io/npm-audit-broken-by-design/ and https://news.ycombinator.com/item?id=27761334 on this topic.

          1 Reply Last reply
          2
          • timconsidineT timconsidine

            @nebulon 👍 no rush, no problem

            micmcM Offline
            micmcM Offline
            micmc
            wrote on last edited by
            #5

            @timconsidine said in Cloudron CLI : warning on update:

            @nebulon 👍 no rush, no problem

            Try I too get the same thing, but then try 'npm audit' you should see "found 0 vulnerabilities". 🙂

            Ignorance is not an excuse anymore!
            https://AutomateKit.com

            1 Reply Last reply
            1
            Reply
            • Reply as topic
            Log in to reply
            • Oldest to Newest
            • Newest to Oldest
            • Most Votes

            • Login
            • Don't have an account? Register
            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • Bookmarks
            • Search