MagicMirror Forum
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • 3rd-Party-Modules
    • Donate
    • Discord
    • Register
    • Login
    A New Chapter for MagicMirror: The Community Takes the Lead
    Read the statement by Michael Teeuw here.

    New Install From Raspbian Stretch

    Scheduled Pinned Locked Moved Unsolved Troubleshooting
    raspberry pi 3raspbian stretch
    14 Posts 4 Posters 5.5k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      sebien0077 @sdetweil
      last edited by

      @sdetweil
      yes i have made , only one resist :

      pi@raspberrypi:~/MagicMirror $ npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ express-ipfilter                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ express-ipfilter > lodash                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
      S lavolp3L 2 Replies Last reply Reply Quote 0
      • S Offline
        sdetweil @sebien0077
        last edited by

        @sebien0077

        npm i lodash@latest

        Sam

        How to add modules

        learning how to use browser developers window for css changes

        1 Reply Last reply Reply Quote 0
        • D Offline
          dazza120
          last edited by dazza120

          Hi guys instead of me starting a new thread for the same thing can I jump in as it seems the last thing may have fixed OP’s issue, I have two vulnerabilities that are not fixing ate all 😢 can you help please I’ve tried the npm I lodash@latest but that doesn’t work

                                 Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.3.5                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ fix                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ fix > underscore.string                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/745                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ express-ipfilter                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ express-ipfilter > lodash                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/577
          1 Reply Last reply Reply Quote 0
          • lavolp3L Offline
            lavolp3 Module Developer
            last edited by lavolp3

            Guys be careful with the npm vulnerabilities!
            It’s not advisable to always fix all of them.
            E.g. if a vulnerability wants to have a most recent version of an important dependency, fixing it might even break your working MM because MM can’t work with this new dependency.

            If you’re not completely sure what you’re doing then leave them.
            They are not errors after all, your modules should work with these vulnerabilities as well.

            How to troubleshoot modules
            MMM-soccer v2, MMM-AVStock

            D 1 Reply Last reply Reply Quote 2
            • D Offline
              dazza120 @lavolp3
              last edited by

              @lavolp3 understood thanks ill leave well alone now then thanks

              1 Reply Last reply Reply Quote 0
              • lavolp3L Offline
                lavolp3 Module Developer @sebien0077
                last edited by

                @sebien0077 better leave lodash alone is my suggestion. YOur mirror should work with this vulnerability as well.

                HOwever, you can of course try it out IF YOU DARE!!!
                Go on the presented link and do as suggested.

                npm install lodash@4.17.5

                (that’s what I would try)

                How to troubleshoot modules
                MMM-soccer v2, MMM-AVStock

                S 1 Reply Last reply Reply Quote 0
                • S Offline
                  sebien0077 @lavolp3
                  last edited by

                  @lavolp3 said in New Install From Raspbian Stretch:

                  npm install lodash@4.17.5

                  Thx for your help. I just don’t like vulnerability :)
                  i have try 4.17.5 and 4.17.11 … nothing work :(

                  pi@raspberrypi:~/MagicMirror $ npm install lodash@4.17.5
npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.

+ lodash@4.17.5
updated 1 package and audited 4407 packages in 42.128s
found 1 low severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
pi@raspberrypi:~/MagicMirror $ npm audit fix
npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.

up to date in 31.654s
fixed 0 of 1 vulnerability in 4407 scanned packages
  1 vulnerability required manual review and could not be updated
pi@raspberrypi:~/MagicMirror $ npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ express-ipfilter                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ express-ipfilter > lodash                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 4407 scanned packages
  1 vulnerability requires manual review. See the full report for details.
pi@raspberrypi:~/MagicMirror $ npm install lodash@4.17.11
npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.

+ lodash@4.17.11
updated 1 package and audited 4407 packages in 39.671s
found 1 low severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
pi@raspberrypi:~/MagicMirror $ npm audit fix
npm WARN acorn-jsx@5.0.1 requires a peer of acorn@^6.0.0 but none is installed. You must install peer dependencies yourself.

up to date in 32.389s
fixed 0 of 1 vulnerability in 4407 scanned packages
  1 vulnerability required manual review and could not be updated
pi@raspberrypi:~/MagicMirror $ npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ express-ipfilter                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ express-ipfilter > lodash                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 4407 scanned packages
  1 vulnerability requires manual review. See the full report for details.
                  lavolp3L 1 Reply Last reply Reply Quote 0
                  • S Offline
                    sdetweil
                    last edited by

                    as you will be the only user of the app (in your house, no public consumers, not open to internet)…

                    the vulnerabilities really don’t matter…

                    Sam

                    How to add modules

                    learning how to use browser developers window for css changes

                    1 Reply Last reply Reply Quote 0
                    • lavolp3L Offline
                      lavolp3 Module Developer @sebien0077
                      last edited by

                      @sebien0077 Have you done a reboot? I hear they can do wonders!

                      How to troubleshoot modules
                      MMM-soccer v2, MMM-AVStock

                      S 1 Reply Last reply Reply Quote 0
                      • S Offline
                        sebien0077 @lavolp3
                        last edited by

                        @lavolp3 yes, a lot of time ^^

                        1 Reply Last reply Reply Quote 0
                        • 1
                        • 2
                        • 1 / 2
                        • First post
                          Last post
                        Enjoying MagicMirror? Please consider a donation!
                        MagicMirror created by Michael Teeuw.
                        Forum managed by Sam, technical setup by Karsten.
                        This forum is using NodeBB as its core | Contributors
                        Contact | Privacy Policy