The puppeteer failing the build due to audit issue. #5522
Comments
having same issue.. (and not a node guy)
tried downgrading to 2.1.1 and 2.1.0.. and even 2.0.0 All having same issues
@aslushnikov - Any thoughts on this issue?
I'm waiting on pull request max-mapper/extract-zip#85 to happen. But that repo has had no activity since May 2018. https://github.com/SakiiCode/extract-zip/ has that pull request done (https://github.com/SakiiCode/extract-zip/commit/921fa811f7b6dcda82736dce18a69b960051dc96). In npm, is there any way to tell the npm package manager to use a different repo for a dependency of a dependency?
Ditto @cyclingzealot BTW that repo looks hostaged (one issue that GitHub should take notice but won't take any action). Seen this happen with other repos. Maybe it's better to fork and install directly from your own repo?
SakiiCode has heard you can change the source of a transitive dependency with https://www.npmjs.com/package/npm-force-resolutions , but he hasn't checked that out yet.
@aslushnikov I noticed you're on the playwright project. Random tangent questions about playwright
Regarding q2... looking at pup contributors vs playwright contributors .. seems like the major contributors migrated over
We're marking this issue as unconfirmed because it has not had recent activity and we weren't able to confirm it yet. It will be closed if no further activity occurs within the next 30 days.
I prefer documenting resolution over letting staleness auto-close. I think this can be closed. I used
We are closing this issue. If the issue still persists in the latest version of Puppeteer, please reopen the issue and update the description. We will try our best to accommodate it!
Steps to reproduce
Tell us about your environment:
2.1.1
What steps will reproduce the problem?
$ npm init -y
$ npm install puppeteer --save
$ npm audit
What is the expected result?
Pass the audit with 0 vulnerability
What happens instead?
Fails the build:
Moderate : Prototype Pollution
Package : minimist
Patched in : >=0.2.1 <1.0.0 || >=1.2.3
Dependency of : puppeteer
Path : puppeteer > extract-zip > mkdirp > minimist
More info : https://npmjs.com/advisories/1179
found 1 moderate severity vulnerability in 51 scanned packages
1 vulnerability requires manual review. See the full report for details.
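Added example, not part of the original issue or the Puppeteer project: a check that walks a dependency tree shaped like `npm ls --json` output, lists every copy of minimist with its path, and tests each version against the patched range quoted in the audit output above. The tree is constructed sample data; `example-cli` is a hypothetical package and all versions other than puppeteer 2.1.1 are illustrative.

```javascript
// Constructed sample shaped like `npm ls --json` output (illustrative versions).
const sampleTree = {
  dependencies: {
    puppeteer: { version: '2.1.1', dependencies: {
      'extract-zip': { version: '1.0.0', dependencies: {
        mkdirp: { version: '1.0.0', dependencies: { minimist: { version: '0.0.8' } } },
      } },
    } },
    'example-cli': { version: '1.0.0', dependencies: { minimist: { version: '1.2.5' } } },
  },
};

// Compare two plain x.y.z versions (no pre-release tags): returns -1, 0 or 1.
function cmp(a, b) {
  const x = a.split('.').map(Number);
  const y = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// Patched range from the audit output: >=0.2.1 <1.0.0 || >=1.2.3
function isPatchedMinimist(v) {
  return (cmp(v, '0.2.1') >= 0 && cmp(v, '1.0.0') < 0) || cmp(v, '1.2.3') >= 0;
}

// Depth-first walk recording every copy of `name` with its dependency path.
function findPackage(node, name, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, dep];
    if (dep === name) hits.push({ path: path.join(' > '), version: info.version });
    hits.push(...findPackage(info, name, path));
  }
  return hits;
}

function auditMinimist(tree) {
  return findPackage(tree, 'minimist')
    .map((h) => ({ ...h, patched: isPatchedMinimist(h.version) }));
}

for (const r of auditMinimist(sampleTree)) {
  console.log(`${r.patched ? 'OK  ' : 'FAIL'} minimist@${r.version} via ${r.path}`);
}
```

Running the same walk after applying an override or a forked dependency shows whether every path to minimist now resolves inside the patched range, not just the one the audit reported.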