[NPMCLI-263] Update library dependencies Created: 19/Jan/22  Updated: 02/Jun/22  Resolved: 02/Jun/22

Status: Closed
Project: Magnolia CLI
Component/s: None
Affects Version/s: 4.0.0
Fix Version/s: 4.0.1

Type: Task Priority: Neutral
Reporter: Martin Drápela Assignee: Unassigned
Resolution: Done Votes: 0
Labels: foundation_team
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:

 Description   

A fresh installation of sudo npm install @magnolia/cli -g

on

npm -v: 6.14.4
nodejs -v: v10.19.0
OS: Linuxmint 20.3 una
Kernel: x86_64 Linux 5.4.0-96-generic

displayed the following WARNings in the installation process:

sudo npm install @magnolia/cli -g

npm WARN deprecated axios@0.19.2: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
/usr/local/bin/mgnl -> /usr/local/lib/node_modules/@magnolia/cli/bin/mgnl.js

+ @magnolia/cli@4.0.0

added 322 packages from 240 contributors in 37.454s
 

Task

Update the lib dependencies, ideally also for CLI v3 and even in CLI v2.

 



 Comments   
Comment by Maxime Michel [ 31/Jan/22 ]

jsimak rsiska this makes me think we might want a Javascript-specific dependency bot. Would you guys need it for frontend-helpers? Do you have something in place already? Thanks.

Comment by Maxime Michel [ 02/Jun/22 ]

Turned on Renovate for the project, see: https://git.magnolia-cms.com/projects/BUILD/repos/npm-cli/browse/renovate.json

Generated at Mon Feb 12 04:48:06 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.