New Install From Raspbian Stretch

sebien0077 · Jan 21, 2019, 7:46 PM

@lavolp3 said in New Install From Raspbian Stretch:

npm install lodash@4.17.5

Thx for your help. I just don’t like vulnerability :)
i have try 4.17.5 and 4.17.11 … nothing work :(

pi@raspberrypi:~/MagicMirror $ npm install lodash@4.17.5
npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.

+ lodash@4.17.5
updated 1 package and audited 4407 packages in 42.128s
found 1 low severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
pi@raspberrypi:~/MagicMirror $ npm audit fix
npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.

up to date in 31.654s
fixed 0 of 1 vulnerability in 4407 scanned packages
  1 vulnerability required manual review and could not be updated
pi@raspberrypi:~/MagicMirror $ npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ express-ipfilter                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ express-ipfilter > lodash                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 4407 scanned packages
  1 vulnerability requires manual review. See the full report for details.
pi@raspberrypi:~/MagicMirror $ npm install lodash@4.17.11
npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.

+ lodash@4.17.11
updated 1 package and audited 4407 packages in 39.671s
found 1 low severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
pi@raspberrypi:~/MagicMirror $ npm audit fix
npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.

up to date in 32.389s
fixed 0 of 1 vulnerability in 4407 scanned packages
  1 vulnerability required manual review and could not be updated
pi@raspberrypi:~/MagicMirror $ npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ express-ipfilter                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ express-ipfilter > lodash                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 4407 scanned packages
  1 vulnerability requires manual review. See the full report for details.

sdetweil · Jan 21, 2019, 7:49 PM

as you will be the only user of the app (in your house, no public consumers, not open to internet)…

the vulnerabilities really don’t matter…

lavolp3 · Jan 21, 2019, 9:47 PM

@sebien0077 Have you done a reboot? I hear they can do wonders!

sebien0077 · Jan 21, 2019, 9:48 PM

@lavolp3 yes, a lot of time ^^