Navigation

    MagicMirror Forum
    • Register
    • Login
    • Search
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • Donate
    • Discord
    MagicMirror² v2.16.0 is available! For more information about this release, check out this topic.

    UNSOLVED How to 'manual review' vulnerabilities and what are 'breaking changes'?

    Troubleshooting
    3
    6
    1178
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DæmonEyes
      DæmonEyes last edited by

      So I just managed to update my MM (with help from @thedoorsfanatic ) and it said I had 27 vulnerabilities and to do an audit fix which I promptly did.

      0_1554471049642_20190405_080358.jpg

      And after that I got that message saying
      2 vulnerabilities require manual review and could not be updated
      1 package update for 9 vulns involved breaking changes

      0_1554471253294_20190405_080816.jpg

      How do I do a manual review? And what are breaking changes? Can I run the npm audit fix --force or should I avoid doing that?

      DæmonEyes 1 Reply Last reply Reply Quote 0
      • DæmonEyes
        DæmonEyes @DæmonEyes last edited by

        @DæmonEyes I tried npm audit as well

        0_1554471613526_20190405_083648.jpg

        thedoorsfanatic 1 Reply Last reply Reply Quote 0
        • thedoorsfanatic
          thedoorsfanatic @DæmonEyes last edited by

          @DæmonEyes
          me again
          have you tried sudo npm audit fix?

          My Smart Mirror YouTube playlist: https://www.youtube.com/playlist?list=PL9Iv_4Mvy6o2tnvdhNBstVWNefgUP9ELp

          DæmonEyes 1 Reply Last reply Reply Quote 0
          • S
            sdetweil last edited by

            i can’t answer on the how to review and resolve the manual issues…

            breaking changes are between version x and current version, so api changed how it worked, and all using applications MUST change to the new way or they are broken (won’t work)…

            in my old world and IBM, this was NEVER allowed… same data produces same results forever…
            u want to change it so NEW data produces NEW results… ok… but old format MUST remain…

            developers have a lot of NEW work to do, they don’t need to run around and fix old versions of the app…
            (usually don’t get paid for fixes like this)

            Sam

            Create a working config
            How to add modules

            DæmonEyes 1 Reply Last reply Reply Quote 0
            • DæmonEyes
              DæmonEyes @sdetweil last edited by

              @sdetweil hmmm that makes sense. So would npm audit fix --force help? or just make things worse?

              1 Reply Last reply Reply Quote 0
              • DæmonEyes
                DæmonEyes @thedoorsfanatic last edited by

                @thedoorsfanatic Just gave it a go in both the MM directory as well as in general

                0_1554478608092_20190405_103411.jpg

                1 Reply Last reply Reply Quote 0
                • 1 / 1
                • First post
                  Last post
                Enjoying MagicMirror? Please consider a donation!
                MagicMirror created by Michael Teeuw.
                Forum managed by Paul-Vincent Roll and Rodrigo Ramírez Norambuena.
                This forum is using NodeBB as its core | Contributors
                Contact | Privacy Policy