Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pouchdb-ajax dependency depreciated and related vulnerabilities #265

Open
subz390 opened this issue Aug 19, 2020 · 4 comments
Open

pouchdb-ajax dependency depreciated and related vulnerabilities #265

subz390 opened this issue Aug 19, 2020 · 4 comments

Comments

@subz390
Copy link

subz390 commented Aug 19, 2020

pouchdb-ajax dependency depreciated, are there plans to remedy the issue?
I was installing pouchdb-authentication today and got a load of warnings about it's dependencies being depreciated too.
How easy is it to fix this?

warning pouchdb-authentication > pouchdb-ajax > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
warning pouchdb-authentication > pouchdb-ajax > request > [email protected]: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
warning pouchdb-authentication > pouchdb-ajax > request > [email protected]: this library is no longer supported
warning pouchdb-authentication > pouchdb-ajax > request > hawk > [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
warning pouchdb-authentication > pouchdb-ajax > request > hawk > [email protected]: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
warning pouchdb-authentication > pouchdb-ajax > request > hawk > [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
warning pouchdb-authentication > pouchdb-ajax > request > hawk > cryptiles > [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
warning pouchdb-authentication > pouchdb-ajax > request > hawk > [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
warning pouchdb-authentication > pouchdb-ajax > request > hawk > sntp > [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
warning pouchdb-authentication > pouchdb-ajax > request > hawk > boom > [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
warning pouchdb-authentication > pouchdb-ajax > request > hawk > cryptiles > boom > [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
@SinanGabel
Copy link

Also see #249

@uaru
Copy link

uaru commented Jan 6, 2021
edited
Loading

As of today the results of npm audit

found 458 vulnerabilities (164 low, 155 moderate, 137 high, 2 critical) in 1722 scanned packages

This seems awfully high for a package for authentication

@elverskog
Copy link

Just bumping this. Had no npm issues/warnings but then upon installing pouchdb-authentication...

npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: request has been deprecated, see request/request#3142

added 110 packages, and audited 847 packages in 7s

9 vulnerabilities (2 moderate, 4 high, 3 critical)

@krishna-404
Copy link

Any update on this? are we supposed to not be using pouchdb-auth & be using something else. Doesnt sound right that the issue is pending since 2018. What am I missing?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@uaru @SinanGabel @elverskog @subz390 @krishna-404