Aus Blockly's sind Rules geworden - Warum?

Thomas Braun

@qqolli sagte in Aus Blockly's sind Rules geworden - Warum?:

npm ERR! invalid: moment@2.29.4 /opt/iobroker/node_modules/moment

Der muss in einer validen Version installiert werden/sein.
Schau dir

cd /opt/iobroker/ && npm ls moment

an.

qqolli

@thomas-braun

cd /opt/iobroker/ && npm ls moment

zeigt folgendes an:

npm ERR! code ELSPROBLEMS
npm ERR! invalid: moment@2.29.4 /opt/iobroker/node_modules/moment
iobroker.inst@3.0.0 /opt/iobroker
+-- iobroker.countdown@2.2.0
| `-- moment@2.29.4 invalid: "^2.30.1" from node_modules/iobroker.javascript
+-- iobroker.echarts@1.7.2
| `-- moment@2.29.4 deduped
+-- iobroker.javascript@7.8.0
| +-- moment-timezone@0.5.45
| | `-- moment@2.29.4 deduped invalid: "^2.30.1" from node_modules/iobroker.javascript
| `-- moment@2.29.4 deduped invalid: "^2.30.1" from node_modules/iobroker.javascript
+-- iobroker.js-controller@5.0.19
| `-- @iobroker/js-controller-common@5.0.19
|   `-- winston-daily-rotate-file@4.7.1
|     `-- file-stream-rotator@0.6.1
|       `-- moment@2.29.4 deduped invalid: "^2.30.1" from node_modules/iobroker.javascript
`-- iobroker.synology@3.1.0
  `-- moment@2.30.1

Wie kann ich den in einer validen Version re-installieren oder ganz entfernen?

Thomas Braun

@qqolli

Hast du moment im Javascript-Adapter als zusätzliches Modul eingetragen?

Auf der HP von moment steht auch:

Moment.js is a legacy project, now in maintenance mode. In most cases, you should choose a different library.

qqolli

@thomas-braun
Der war bis vor kurzem im Javascript-Adapter eingetragen. Zur Zeit sind dort nur noch diese zwei eingetragen:

Wie könnte ich denn dieses Modul (moment) komplett entfernen?

Thomas Braun

@qqolli

Viel fällt mir dazu nicht ein. Jag vielleicht mal ein

npm prune

über das Verzeichnis.

qqolli

@thomas-braun
Oh la la:

olli@ioBroker:~$ cd /opt/iobroker/node_modules/moment
olli@ioBroker:/opt/iobroker/node_modules/moment$ ls -al
total 328
drwxrwxr-x+    7 iobroker iobroker   4096 Jul 15  2022 .
drwxrwxr-x+ 1171 iobroker iobroker  36864 Apr 23 19:15 ..
-rw-rwxr--+    1 iobroker iobroker  45726 Jul 15  2022 CHANGELOG.md
-rw-rwxr--+    1 iobroker iobroker   1075 Jul 15  2022 LICENSE
-rw-rwxr--+    1 iobroker iobroker   2468 Jul 15  2022 README.md
drwxrwxr-x+    3 iobroker iobroker   4096 Jul 15  2022 dist
-rw-rwxr--+    1 iobroker iobroker     39 Jul 15  2022 ender.js
drwxrwxr-x+    2 iobroker iobroker   4096 Jul 15  2022 locale
drwxrwxr-x+    2 iobroker iobroker   4096 Jul 15  2022 min
-rw-rwxr--+    1 iobroker iobroker  23820 Jul 15  2022 moment.d.ts
-rw-rwxr--+    1 iobroker iobroker 174604 Jul 15  2022 moment.js
-rw-rwxr--+    1 iobroker iobroker    273 Jul 15  2022 package.js
-rw-rwxr--+    1 iobroker iobroker   3418 Jul 15  2022 package.json
drwxrwxr-x+    4 iobroker iobroker   4096 Jul 15  2022 src
drwxrwxr-x+    2 iobroker iobroker   4096 Jul 15  2022 ts3.1-typings
olli@ioBroker:/opt/iobroker/node_modules/moment$ npm prune
[sudo] password for olli: 
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated grunt-string-replace@1.3.3: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm WARN deprecated istanbul@0.4.5: This module is no longer maintained, try this instead:
npm WARN deprecated   npm i nyc
npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives.

added 639 packages, and audited 640 packages in 1m

52 packages are looking for funding
  run `npm fund` for details

3 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

Und das npm audit wirft dann folgendes aus:

olli@ioBroker:/opt/iobroker/node_modules/moment$ npm audit
# npm audit report

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  coveralls  *
  Depends on vulnerable versions of request
  node_modules/coveralls

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

3 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Ehrlich gesagt, sind das alles Böhmische Dörfer für mich

mikeal created this issue in request/request

open Request’s Past, Present and Future #3142

Thomas Braun

@qqolli

groups

sagt für den olli?

qqolli

@thomas-braun
Hallo Thomas,

es wird folgendes angezeigt:

Linux ioBroker 6.8.4-2-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.4-2 (2024-04-10T17:36Z) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Apr 25 20:53:39 CEST 2024 from 192.168.178.49 on pts/3
olli@ioBroker:~$ groups
olli sudo iobroker

qqolli

@Thomas-Braun
Sieht das für dich soweit ok aus?

Thomas Braun

@qqolli

Ist halt das absolute Minimum an Gruppen.
Ich weiß aber ehrlich gesagt gar nicht mehr warum ich das angefragt hatte.