-
Notifications
You must be signed in to change notification settings - Fork 917
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v13.0.0 Blocker] Refactor functions:shell
to not use request
#2215
Comments
@sadhon thanks for reporting this! The @bkendall is already working on removing Right now you do not need to worry about this, it's not a security vulnerability and we expect it to be fixed in a future version. |
Today |
@bogacg can you show logs from an aborted install? |
@samtstern I re-executed global install command and sorry, that one is a WARN, problem is
You need full log? |
That's a global ongoing |
The issue is still not resolved |
You may need to run |
...after |
Yes thanks bogacg |
Yes, its worked after |
npm WARN deprecated [email protected]: this library is no longer supported |
npm WARN deprecated [email protected]: request has been deprecated, see request/request#3142
Yeoman Doctor ✔ No .bowerrc file in home directory Unable to find the npm root, something went wrong. ✔ No .yo-rc.json file in home directory Found potential issues on your machine :(
### please help me with this error |
Any one have resolution for this. |
try to install npm new version i try with that and work!! command: npm install -g npm |
@samtstern Any news about this? To help you, jsdom (used in JEST) has gone through a similar re-engineering, and landed on From a developer point of view, it's annoying that there will likely be great announcements on Google IO while an issue like this is still open. Also maintenance is important. 🧹 Current situation:
|
Related: |
It's true that We have made a decision not to rush and try to remove If anyone wants to pick a part of this codebase and remove |
I'm not very worried about it either - and it's reassuring just to know you're taking it away, alongside other work. The audits are a bigger concern, and I'm glad to see the PR you mention. |
given that fetch is now built right in to nodejs deno and workers |
Voting for |
|
It seems, while removing deprecated packages, uuid is an easy update as well as debug. ❯ npm -g install [email protected]
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142 |
Update on this: This is on our radar, and we've stopped using this dependency almost everywhere in the codebase. However, the functions:shell command, which provides a REPL for testing out your functions, exposes request as part of its public API, so we cannot easily remove |
It's been nearly 3 years since this issue was posted, when will the dependencies be removed...? |
There's now a moderate security issue on the deprecated request package, which I assume will never be fixed. Is there a timeline for removing the last remaining request package usage? |
I have the same issue . |
|
request is affected by 2 vulnerabilities :
|
functions:shell
to not use request
functions:shell
to not use requestfunctions:shell
to not use request
I am trying to run "npm install -g firebase-tools" command on linux OS but it gives me the above error every time.On the other hand when I try to run "npx create-react-app app-name" command, it works fine. I searched the solution on the internet but did not find any acceptable solution. Is there any way to fix this problem.
The text was updated successfully, but these errors were encountered: