I am attempting to create a chatbot on Facebook using Watson Conversation and linking it via Node-Red. I have been following a tutorial which requires me to install a node-red-contrib-facebook-messenger-writer palette, but unfortunately, I am confronted with this error msg.
Failed to install: node-red-contrib-facebook-messenger-writer
Install failed
I have only tried re-installing it, but with no luck.
Additionally, this is the error msg expanded
2020-01-21T14:24:33.490Z Install : node-red-contrib-facebook-messenger-writer 0.0.4
2020-01-21T14:24:33.885Z npm install --no-audit --no-update-notifier --save --save-prefix="~" --production node-red-contrib-facebook-messenger-writer@0.0.4
2020-01-21T14:24:36.994Z [err] npm
2020-01-21T14:24:36.994Z [err]
2020-01-21T14:24:36.994Z [err] WARN
2020-01-21T14:24:36.994Z [err]
2020-01-21T14:24:36.994Z [err] deprecated
2020-01-21T14:24:36.994Z [err] hawk@6.0.2: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
2020-01-21T14:24:38.090Z [err] npm WARN deprecated hoek@4.2.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
2020-01-21T14:24:38.097Z [err] npm
2020-01-21T14:24:38.097Z [err] WARN deprecated sntp@2.1.0: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
2020-01-21T14:24:38.103Z [err] npm
2020-01-21T14:24:38.103Z [err] WARN deprecated boom@4.3.1: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
2020-01-21T14:24:38.210Z [err] npm
2020-01-21T14:24:38.210Z [err] WARN deprecated cryptiles@3.1.4: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
2020-01-21T14:24:38.222Z [err] npm WARN deprecated boom@5.2.0: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
2020-01-21T14:25:41.283Z rc=null
Could someone enlighten me on the error at hand?
The only dependency that node-red-contrib-facebook-messenger-writer has is on request (currently 2.86.0). The packages that you list are dependencies of dependencies.
Bumping the dependency to 2.88.0 sorted out the vulnerabilities in the nested dependencies. I have just published a new version of the node - 0.0.5.
Related
I can not install my npm project due to dependency errors. Node-sass and react-scripts both say high vulnerabilities.
Here is my npm audit report.
How can I solve it?
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
node_modules/react-scripts
scss-tokenizer *
Severity: high
Regular expression denial of service in scss-tokenizer - https://github.com/advisories/GHSA-7mwh-4pqv-wmr8
fix available via `npm audit fix --force`
Will install node-sass@4.5.3, which is a breaking change
node_modules/scss-tokenizer
sass-graph >=2.2.0
Depends on vulnerable versions of scss-tokenizer
node_modules/sass-graph
node-sass >=4.6.0
Depends on vulnerable versions of sass-graph
node_modules/node-sass
terser 5.0.0 - 5.14.1
Severity: high
As explained here, if you are using node >= 16 you can install the latest version of @svgr/webpack
npm i -D @svgr/webpack
In which case you have to add a line in your package.json
"overrides": {
  "@svgr/webpack": "$@svgr/webpack"
}
Remove node_modules folder and package-lock.json then perform a new npm install.
You could also only upgrade the 'nth-check' library in a similar fashion.
The library "node-sass" is deprecated so you may use another library, or identify and upgrade the failing component in a similar way as above.
I have tried the suggestion that @Zitoun provided. However, if your application has required input fields with a focus function when submitting with empty fields using react-hook-form, the suggestion will break your app - .focus is not a function. Please check your form before using the suggestion in your production!
I tried to install 'npm install --global expo-cli' and I get this error. svgo@1.3.2 this svgo is no longer supported. upgrade to v2.x.x, uuid@3.4.0 please upgrade to version 7 or higher, chokidar@2.1.8: chokidar 2 does not receive security update since 2019. I ran npm audit fix --force, it said recommended protection disable and 7 packages are looking for funding
These are warns regarding libraries you are downloading from the web, don't be concerned by them, you cannot fix those issues. Just ignore it and start using expo. Everything is installed fine. Same errors appear when installing plain React project from the official source, you just need to ignore those warnings.
I want to deploy my app, but there are 3 vulnerabilities and I didn't understand how to solve them. I used npm audit fix, and I also solved some vulnerabilities by manually updating them. So this is the manual review; could someone help me:
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Moderate Regular Expression Denial of Service
Package browserslist
Patched in >=4.16.5
Dependency of react-scripts
Path react-scripts > react-dev-utils > browserslist
More info https://npmjs.com/advisories/1747
Moderate Regular expression denial of service
Package glob-parent
Patched in >=5.1.2
Dependency of react-scripts
Path react-scripts > webpack > watchpack > watchpack-chokidar2 >
chokidar > glob-parent
More info https://npmjs.com/advisories/1751
Moderate Regular expression denial of service
Package glob-parent
Patched in >=5.1.2
Dependency of react-scripts
Path react-scripts > webpack-dev-server > chokidar > glob-parent
More info https://npmjs.com/advisories/1751
found 3 moderate severity vulnerabilities in 2195 scanned packages
3 vulnerabilities require manual review. See the full report for details.
The answer here gives a good explanation.
Normally, you would try these solutions, in order:
npm audit fix (it sounds like you have already done this)
npm audit fix --force
npm i react-scripts (the parent package of the package with the vuln)
npm i browserslist@4.16.5 glob-parent@5.1.2 (the vuln packages themselves)
However, we can see that (at the time I'm writing this) the issue is not resolved in react-dev-utils' package.json. Additionally, the package.json uses an exact version (no caret). These two facts mean that none of these solutions listed above will work.
You have two options:
clone the create-react-app repo, fix the versions yourself and use your cloned version instead of the real one
wait for create-react-app to fix it, at which point one of the solutions above should work
I would strongly suggest the latter approach.
Maybe this article written by @DanAbramov will be interesting for you https://overreacted.io/npm-audit-broken-by-design/
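The point above about an exact version versus a caret range, as an added example that is not part of the original answers or of create-react-app: a minimal range check showing when a patched release is reachable without the parent package changing. It handles only exact pins, ^ and ~ ranges; the "declared" values are constructed samples, not the real entries from react-dev-utils.

```javascript
// Minimal semver: exact pins, ^ and ~ only, no prerelease tags (example code).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of the versions a declared range accepts.
function upperBound(range) {
  const op = /^[\^~]/.test(range) ? range[0] : "";
  const [maj, min, pat] = parseVersion(range.slice(op.length));
  if (op === "~") return [maj, min + 1, 0];
  if (op === "^") {
    // Caret keeps the left-most non-zero component fixed.
    if (maj > 0) return [maj + 1, 0, 0];
    return min > 0 ? [0, min + 1, 0] : [0, 0, pat + 1];
  }
  return [maj, min, pat + 1]; // exact pin: only that one version
}

// True when some version >= patchedFrom still satisfies the parent's range,
// i.e. the installer may pick a patched release without the parent changing.
function fixReachable(declaredRange, patchedFrom) {
  return compare(parseVersion(patchedFrom), upperBound(declaredRange)) < 0;
}

// "Patched in" values are from the report above; "declared" values are
// constructed samples of what a parent's package.json might contain.
const findings = [
  { pkg: "browserslist", declared: "4.14.2", patchedFrom: "4.16.5" },
  { pkg: "browserslist", declared: "^4.14.2", patchedFrom: "4.16.5" },
  { pkg: "glob-parent", declared: "~5.1.0", patchedFrom: "5.1.2" },
  { pkg: "glob-parent", declared: "^3.1.0", patchedFrom: "5.1.2" },
];

function triage(list) {
  return list.map((f) => ({ ...f, reachable: fixReachable(f.declared, f.patchedFrom) }));
}

for (const r of triage(findings)) {
  const verdict = r.reachable ? "patched release is in range" : "blocked by the parent's range";
  console.log(`${r.pkg} ${r.declared} (patched in >=${r.patchedFrom}): ${verdict}`);
}
```

A "blocked" result is the case the answer describes: no audit or install command can help until the parent's declared range changes.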
How can I upgrade my hugo from version 0.55.6 to version 0.69 or 0.70?
I tried yarn add hugo@0.70 and it returns me:
yarn add v1.22.4
warning package.json: No license field
warning ../../../package.json: No license field
warning No license field
[1/4] Resolving packages...
Couldn't find any versions for "hugo" that matches "0.70"
? Please choose a version of "hugo" from this list:
❯ 0.0.3
0.0.2
0.0.1
So I am a little bit confused.
By those version numbers, it seems you want Hugo, which is a static site generator built in Go.
Yarn is a package manager for the Node.JS ecosystem, similar to npm. It manages Node/JS packages, which are usually hosted on https://www.npmjs.com/.
Some packages aren't only JS, but just add JS wrappers over some other binary. This widens the circle of potential overlap, and as there's no naming convention enforced on the NPM packages, you're bound to be misled by a name. The hugo npm package seems to be an interface for some lightbulbs.
To install Hugo, you will probably need to install it separately. Check the Hugo installation info. If you have to use yarn, you will have to find a different package that ships the hugo binary.
I have a problem on installing react-redux. I copied and pasted the problem here. Is it reasonable to have 2 versions of react-native at the same time in one project?
react-native says :
WARN react-native@0.59.4 requires a peer of react@16.8.3 but none is installed. You must install peer dependencies yourself.
react-redux says :
WARN react-redux@7.0.1 requires a peer of react@^16.8.4 but none is installed. You must install peer dependencies yourself.
By installing 16.8.3, react-redux will look for 16.8.4. On the other side, react-redux does not work with 16.8.3 and requires 16.8.4. How to solve the problem?
Ok, I found the reason. 22 hours ago react-redux was updated to 7.0.1, and as its documentation says: "The major change for this release is that connect is now implemented using Hooks internally. Because of this, we now require a minimum React version of 16.8.4 or higher." It requires 16.8.4 at least. So the best solution is now to install react-redux version 6.0.1 by:
npm install --save react-redux@6.0.1