Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Cloudron CLI : warning on update

    App Packaging & Development
    4
    5
    137
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • timconsidine
      timconsidine App Dev last edited by

      Just updated my Cloudron CLI install and saw this :

      $ npm install -g cloudron@4.15.3
      
      added 2 packages, removed 1 package, changed 115 packages, and audited 118 packages in 6s
      
      1 high severity vulnerability
      

      Does it matter ? Is it really a high severity vulnerability ?

      1 Reply Last reply Reply Quote 0
      • nebulon
        nebulon Staff last edited by

        Generally since this is just a commandline tool, those warnings mostly do not apply at all. Those affected modules are in this case not used in any daemon or code exposed to the public. We still update dependencies of course accordingly where we see fit.

        timconsidine 1 Reply Last reply Reply Quote 1
        • timconsidine
          timconsidine App Dev @nebulon last edited by

          @nebulon 👍 no rush, no problem

          micmc 1 Reply Last reply Reply Quote 0
          • girish
            girish Staff last edited by

            See https://overreacted.io/npm-audit-broken-by-design/ and https://news.ycombinator.com/item?id=27761334 on this topic.

            1 Reply Last reply Reply Quote 2
            • micmc
              micmc @timconsidine last edited by

              @timconsidine said in Cloudron CLI : warning on update:

              @nebulon 👍 no rush, no problem

              Try I too get the same thing, but then try 'npm audit' you should see "found 0 vulnerabilities". 🙂


              https://marketingtechnology.agency
              For cutting edge web technologies

              1 Reply Last reply Reply Quote 1
              • First post
                Last post
              Powered by NodeBB