Cloudron CLI : warning on update
-
Just updated my Cloudron CLI install and saw this :
$ npm install -g cloudron@4.15.3 added 2 packages, removed 1 package, changed 115 packages, and audited 118 packages in 6s 1 high severity vulnerabilityDoes it matter ? Is it really a
high severity vulnerability? -
Generally since this is just a commandline tool, those warnings mostly do not apply at all. Those affected modules are in this case not used in any daemon or code exposed to the public. We still update dependencies of course accordingly where we see fit.
-
Generally since this is just a commandline tool, those warnings mostly do not apply at all. Those affected modules are in this case not used in any daemon or code exposed to the public. We still update dependencies of course accordingly where we see fit.
-
See https://overreacted.io/npm-audit-broken-by-design/ and https://news.ycombinator.com/item?id=27761334 on this topic.
-
@nebulon
no rush, no problem@timconsidine said in Cloudron CLI : warning on update:
@nebulon
no rush, no problemTry I too get the same thing, but then try 'npm audit' you should see "found 0 vulnerabilities".
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login