Joomla! Issue Tracker | Joomla! CMS #35169 - [4] crypto@1.0.1: This package is no longer supported. It's now a built-in Node module

No Code Attached Yet

Closed
17 Aug 2021
Medium
Build: 4.0-dev
# 35169

PhilETaylor
17 Aug 2021

Steps to reproduce the issue

npm ci

Expected result

Actual result

npm WARN old lockfile
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
npm WARN deprecated crypto@1.0.1: This package is no longer supported. It's now a built-in Node module. If you've depended on crypto, you should

System information (as much as possible)

 npm -v
7.20.6
 node -v
v16.6.2

PhilETaylor - open - 17 Aug 2021

joomla-cms-bot - change - 17 Aug 2021

Labels

Added: No Code Attached Yet

joomla-cms-bot - labeled - 17 Aug 2021

PhilETaylor - change - 17 Aug 2021

The description was changed

PhilETaylor - edited - 17 Aug 2021

PhilETaylor - change - 17 Aug 2021

The description was changed

PhilETaylor - edited - 17 Aug 2021

PhilETaylor - comment - 17 Aug 2021

merge  <2.1.1
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1666
fix available via `npm audit fix --force`
Will install watch@0.13.0, which is a breaking change
node_modules/merge
  exec-sh  <=0.3.1
  Depends on vulnerable versions of merge
  node_modules/exec-sh
    watch  >=0.14.0
    Depends on vulnerable versions of exec-sh
    node_modules/watch

3 high severity vulnerabilities