[NPMCLI-263] Update library dependencies Created: 19/Jan/22 Updated: 02/Jun/22 Resolved: 02/Jun/22 |
|
| Status: | Closed |
| Project: | Magnolia CLI |
| Component/s: | None |
| Affects Version/s: | 4.0.0 |
| Fix Version/s: | 4.0.1 |
| Type: | Task | Priority: | Neutral |
| Reporter: | Martin Drápela | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | foundation_team | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Template: |
|
||||
| Acceptance criteria: |
Empty
|
||||
| Task DoR: |
Empty
|
||||
| Date of First Response: | |||||
| Description |
|
A fresh installation of sudo npm install @magnolia/cli -g on npm -v: 6.14.4 displayed the following WARNings in the installation process: sudo npm install @magnolia/cli -g npm WARN deprecated axios@0.19.2: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410 npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap. npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. /usr/local/bin/mgnl -> /usr/local/lib/node_modules/@magnolia/cli/bin/mgnl.js + @magnolia/cli@4.0.0 added 322 packages from 240 contributors in 37.454s Task Update the lib dependencies, ideally also for CLI v3 and even in CLI v2.
|
| Comments |
| Comment by Maxime Michel [ 31/Jan/22 ] |
|
jsimak rsiska this makes me think we might want a Javascript-specific dependency bot. Would you guys need it for frontend-helpers? Do you have something in place already? Thanks. |
| Comment by Maxime Michel [ 02/Jun/22 ] |
|
Turned on Renovate for the project, see: https://git.magnolia-cms.com/projects/BUILD/repos/npm-cli/browse/renovate.json |