MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    How to 'manual review' vulnerabilities and what are 'breaking changes'?

    Scheduled Pinned Locked Moved Unsolved Troubleshooting
    6 Posts 3 Posters 1.9k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DæmonEyesD Offline
      DæmonEyes
      last edited by

      So I just managed to update my MM (with help from @thedoorsfanatic ) and it said I had 27 vulnerabilities and to do an audit fix which I promptly did.

      0_1554471049642_20190405_080358.jpg

      And after that I got that message saying
      2 vulnerabilities require manual review and could not be updated
      1 package update for 9 vulns involved breaking changes

      0_1554471253294_20190405_080816.jpg

      How do I do a manual review? And what are breaking changes? Can I run the npm audit fix --force or should I avoid doing that?

      DæmonEyesD 1 Reply Last reply Reply Quote 0
      • DæmonEyesD Offline
        DæmonEyes @DæmonEyes
        last edited by

        @DæmonEyes I tried npm audit as well

        0_1554471613526_20190405_083648.jpg

        thedoorsfanaticT 1 Reply Last reply Reply Quote 0
        • thedoorsfanaticT Offline
          thedoorsfanatic @DæmonEyes
          last edited by

          @DæmonEyes
          me again
          have you tried sudo npm audit fix?

          My Smart Mirror YouTube playlist: https://www.youtube.com/playlist?list=PL9Iv_4Mvy6o2tnvdhNBstVWNefgUP9ELp

          DæmonEyesD 1 Reply Last reply Reply Quote 0
          • S Offline
            sdetweil
            last edited by

            i can’t answer on the how to review and resolve the manual issues…

            breaking changes are between version x and current version, so api changed how it worked, and all using applications MUST change to the new way or they are broken (won’t work)…

            in my old world and IBM, this was NEVER allowed… same data produces same results forever…
            u want to change it so NEW data produces NEW results… ok… but old format MUST remain…

            developers have a lot of NEW work to do, they don’t need to run around and fix old versions of the app…
            (usually don’t get paid for fixes like this)

            Sam

            How to add modules

            learning how to use browser developers window for css changes

            DæmonEyesD 1 Reply Last reply Reply Quote 0
            • DæmonEyesD Offline
              DæmonEyes @sdetweil
              last edited by

              @sdetweil hmmm that makes sense. So would npm audit fix --force help? or just make things worse?

              1 Reply Last reply Reply Quote 0
              • DæmonEyesD Offline
                DæmonEyes @thedoorsfanatic
                last edited by

                @thedoorsfanatic Just gave it a go in both the MM directory as well as in general

                0_1554478608092_20190405_103411.jpg

                1 Reply Last reply Reply Quote 0
                • 1 / 1
                • First post
                  Last post
                Enjoying MagicMirror? Please consider a donation!
                MagicMirror created by Michael Teeuw.
                Forum managed by Sam, technical setup by Karsten.
                This forum is using NodeBB as its core | Contributors
                Contact | Privacy Policy