- npm audit report 12/2/23 12:06pm
@cypress/request <=2.88.12
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/@cypress/request
cypress 4.3.0 - 12.17.4
Depends on vulnerable versions of @cypress/request
node_modules/cypress
apollo-server-core <=2.26.0
Severity: moderate
Introspection in schema validation in Apollo Server - https://github.com/advisories/GHSA-w42g-7vfc-xf37
Prevent logging invalid header values - https://github.com/advisories/GHSA-j5g3-5c8r-7qfx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/apollo-server-core
apollo-server-express <=2.14.1
Depends on vulnerable versions of apollo-server-core
node_modules/apollo-server-express
axios 0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install @bandwidth/[email protected], which is a breaking change
node_modules/axios
node_modules/twilio/node_modules/axios
@bandwidth/messaging 3.0.0 - 4.1.2
Depends on vulnerable versions of axios
node_modules/@bandwidth/messaging
twilio 2.6.0 - 4.19.0 || >=5.0.0-rc16
Depends on vulnerable versions of axios
Depends on vulnerable versions of jsonwebtoken
node_modules/twilio
cli <=0.11.3
Arbitrary File Write in cli - https://github.com/advisories/GHSA-6cpc-mj5c-m9rq
Node CLI Allows Arbitrary File Overwrite - https://github.com/advisories/GHSA-3mrp-qhcj-mwv5
No fix available
node_modules/cli
color-difference *
Depends on vulnerable versions of cli
node_modules/color-difference
debug 4.0.0 - 4.3.0
Severity: moderate
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
No fix available
node_modules/rethink-knex-adapter/node_modules/debug
knex <=2.3.0
Depends on vulnerable versions of debug
node_modules/rethink-knex-adapter/node_modules/knex
rethink-knex-adapter *
Depends on vulnerable versions of knex
Depends on vulnerable versions of thinky
node_modules/rethink-knex-adapter
degenerator <3.0.1
Severity: high
Code Injection in pac-resolver - https://github.com/advisories/GHSA-9j49-mfvp-vmhm
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/degenerator
pac-resolver <=4.2.0
Depends on vulnerable versions of degenerator
Depends on vulnerable versions of netmask
node_modules/pac-resolver
pac-proxy-agent <=4.1.0
Depends on vulnerable versions of pac-resolver
node_modules/pac-proxy-agent
proxy-agent 1.1.0 - 4.0.1
Depends on vulnerable versions of pac-proxy-agent
node_modules/proxy-agent
mailgun-js >=0.6.8
Depends on vulnerable versions of proxy-agent
node_modules/mailgun-js
flat <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/flat
json2csv 3.1.0 - 4.0.0-alpha.2
Depends on vulnerable versions of flat
node_modules/json2csv
glob-parent <5.1.2
Severity: high
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/webpack-dev-server/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/webpack-dev-server/node_modules/chokidar
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
node_modules/webpack-dev-server
json-bigint <1.0.0
Severity: high
Uncontrolled Resource Consumption in json-bigint - https://github.com/advisories/GHSA-wgfq-7857-4jcc
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/json-bigint
gcp-metadata 0.8.0 - 4.1.0
Depends on vulnerable versions of json-bigint
node_modules/gcp-metadata
google-auth-library 0.9.4 - 5.10.1
Depends on vulnerable versions of gcp-metadata
Depends on vulnerable versions of gtoken
node_modules/google-auth-library
googleapis 37.0.0-webpack - 48.0.0
Depends on vulnerable versions of google-auth-library
Depends on vulnerable versions of googleapis-common
node_modules/googleapis
googleapis-common 0.5.0-webpack - 0.5.0-webpack3 || 0.6.0-webpack - 3.2.2
Depends on vulnerable versions of google-auth-library
node_modules/googleapis-common
jsonwebtoken <=8.5.1
Severity: moderate
jsonwebtoken unrestricted key type could lead to legacy keys usage - https://github.com/advisories/GHSA-8cf7-32gw-wr33
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/nexmo/node_modules/jsonwebtoken
node_modules/twilio/node_modules/jsonwebtoken
nexmo *
Depends on vulnerable versions of jsonwebtoken
Depends on vulnerable versions of request
node_modules/nexmo
netmask <=2.0.0
Severity: critical
Improper parsing of octal bytes in netmask - https://github.com/advisories/GHSA-4c7m-wxvm-r7gc
netmask npm package mishandles octal input data - https://github.com/advisories/GHSA-pch5-whg9-qr2r
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/netmask
node-fetch <=2.6.6
Severity: high
The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/isomorphic-fetch/node_modules/node-fetch
isomorphic-fetch 2.0.0 - 2.2.1
Depends on vulnerable versions of node-fetch
node_modules/isomorphic-fetch
fbjs 0.7.0 - 1.0.0
Depends on vulnerable versions of isomorphic-fetch
node_modules/recompose/node_modules/fbjs
recompose >=0.18.0
Depends on vulnerable versions of fbjs
node_modules/recompose
node-forge <=1.2.1
Severity: high
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-forge
google-p12-pem <=3.1.2
Depends on vulnerable versions of node-forge
node_modules/google-p12-pem
gtoken <=5.0.0
Depends on vulnerable versions of google-p12-pem
node_modules/gtoken
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/selfsigned
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of resolve-url-loader
node_modules/react-scripts
passport <0.6.0
Severity: moderate
Passport vulnerable to session regeneration when a users logs in or out - https://github.com/advisories/GHSA-v923-w3x8-wh69
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/passport
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
resolve-url-loader 0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/resolve-url-loader
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/request
passport-auth0 <=1.4.0
Depends on vulnerable versions of request
node_modules/passport-auth0
wait-on <=4.0.2
Depends on vulnerable versions of request
node_modules/wait-on
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/simple-update-notifier/node_modules/semver
simple-update-notifier 1.0.7 - 1.1.0
Depends on vulnerable versions of semver
node_modules/simple-update-notifier
nodemon 2.0.19 - 2.0.22
Depends on vulnerable versions of simple-update-notifier
node_modules/nodemon
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/tough-cookie
trim-newlines <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
No fix available
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/meow
us-area-codes *
Depends on vulnerable versions of meow
node_modules/us-area-codes
validator <13.7.0
Severity: moderate
Inefficient Regular Expression Complexity in validator.js - https://github.com/advisories/GHSA-qgmg-gppg-76g5
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/validator
thinky >=1.15.2
Depends on vulnerable versions of validator
node_modules/thinky
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
No fix available
node_modules/xml2js
@bandwidth/numbers *
Depends on vulnerable versions of xml2js
node_modules/@bandwidth/numbers
selenium-webdriver 2.43.1 - 4.0.0-rc-2
Depends on vulnerable versions of xml2js
node_modules/selenium-webdriver
62 vulnerabilities (5 low, 25 moderate, 27 high, 5 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Okay, I've removed some error messages. Now it's time to see if this turns on.
- Haven't tried turning it on yet, but finally got rid of the error that kept coming up.
- This is the `npm audit` report:
@cypress/request <=2.88.12
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/@cypress/request
cypress 4.3.0 - 12.17.4
Depends on vulnerable versions of @cypress/request
node_modules/cypress
apollo-server-core <=2.26.0
Severity: moderate
Introspection in schema validation in Apollo Server - https://github.com/advisories/GHSA-w42g-7vfc-xf37
Prevent logging invalid header values - https://github.com/advisories/GHSA-j5g3-5c8r-7qfx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/apollo-server-core
apollo-server-express <=2.14.1
Depends on vulnerable versions of apollo-server-core
node_modules/apollo-server-express
axios 0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install @bandwidth/[email protected], which is a breaking change
node_modules/axios
node_modules/twilio/node_modules/axios
@bandwidth/messaging 3.0.0 - 4.1.2
Depends on vulnerable versions of axios
node_modules/@bandwidth/messaging
twilio 2.6.0 - 4.19.0 || >=5.0.0-rc16
Depends on vulnerable versions of axios
Depends on vulnerable versions of jsonwebtoken
node_modules/twilio
cli <=0.11.3
Arbitrary File Write in cli - https://github.com/advisories/GHSA-6cpc-mj5c-m9rq
Node CLI Allows Arbitrary File Overwrite - https://github.com/advisories/GHSA-3mrp-qhcj-mwv5
No fix available
node_modules/cli
color-difference *
Depends on vulnerable versions of cli
node_modules/color-difference
debug 4.0.0 - 4.3.0
Severity: moderate
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
No fix available
node_modules/rethink-knex-adapter/node_modules/debug
knex <=2.3.0
Depends on vulnerable versions of debug
node_modules/rethink-knex-adapter/node_modules/knex
rethink-knex-adapter *
Depends on vulnerable versions of knex
Depends on vulnerable versions of thinky
node_modules/rethink-knex-adapter
degenerator <3.0.1
Severity: high
Code Injection in pac-resolver - https://github.com/advisories/GHSA-9j49-mfvp-vmhm
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/degenerator
pac-resolver <=4.2.0
Depends on vulnerable versions of degenerator
Depends on vulnerable versions of netmask
node_modules/pac-resolver
pac-proxy-agent <=4.1.0
Depends on vulnerable versions of pac-resolver
node_modules/pac-proxy-agent
proxy-agent 1.1.0 - 4.0.1
Depends on vulnerable versions of pac-proxy-agent
node_modules/proxy-agent
mailgun-js >=0.6.8
Depends on vulnerable versions of proxy-agent
node_modules/mailgun-js
flat <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/flat
json2csv 3.1.0 - 4.0.0-alpha.2
Depends on vulnerable versions of flat
node_modules/json2csv
glob-parent <5.1.2
Severity: high
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/webpack-dev-server/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/webpack-dev-server/node_modules/chokidar
webpack-dev-server 2.0.0-beta - 4.7.2
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of selfsigned
node_modules/webpack-dev-server
json-bigint <1.0.0
Severity: high
Uncontrolled Resource Consumption in json-bigint - https://github.com/advisories/GHSA-wgfq-7857-4jcc
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/json-bigint
gcp-metadata 0.8.0 - 4.1.0
Depends on vulnerable versions of json-bigint
node_modules/gcp-metadata
google-auth-library 0.9.4 - 5.10.1
Depends on vulnerable versions of gcp-metadata
Depends on vulnerable versions of gtoken
node_modules/google-auth-library
googleapis 37.0.0-webpack - 48.0.0
Depends on vulnerable versions of google-auth-library
Depends on vulnerable versions of googleapis-common
node_modules/googleapis
googleapis-common 0.5.0-webpack - 0.5.0-webpack3 || 0.6.0-webpack - 3.2.2
Depends on vulnerable versions of google-auth-library
node_modules/googleapis-common
jsonwebtoken <=8.5.1
Severity: moderate
jsonwebtoken unrestricted key type could lead to legacy keys usage - https://github.com/advisories/GHSA-8cf7-32gw-wr33
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/nexmo/node_modules/jsonwebtoken
node_modules/twilio/node_modules/jsonwebtoken
nexmo *
Depends on vulnerable versions of jsonwebtoken
Depends on vulnerable versions of request
node_modules/nexmo
netmask <=2.0.0
Severity: critical
Improper parsing of octal bytes in netmask - https://github.com/advisories/GHSA-4c7m-wxvm-r7gc
netmask npm package mishandles octal input data - https://github.com/advisories/GHSA-pch5-whg9-qr2r
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/netmask
node-fetch <=2.6.6
Severity: high
The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/isomorphic-fetch/node_modules/node-fetch
isomorphic-fetch 2.0.0 - 2.2.1
Depends on vulnerable versions of node-fetch
node_modules/isomorphic-fetch
fbjs 0.7.0 - 1.0.0
Depends on vulnerable versions of isomorphic-fetch
node_modules/recompose/node_modules/fbjs
recompose >=0.18.0
Depends on vulnerable versions of fbjs
node_modules/recompose
node-forge <=1.2.1
Severity: high
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/node-forge
google-p12-pem <=3.1.2
Depends on vulnerable versions of node-forge
node_modules/google-p12-pem
gtoken <=5.0.0
Depends on vulnerable versions of google-p12-pem
node_modules/gtoken
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/selfsigned
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of resolve-url-loader
node_modules/react-scripts
passport <0.6.0
Severity: moderate
Passport vulnerable to session regeneration when a users logs in or out - https://github.com/advisories/GHSA-v923-w3x8-wh69
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/passport
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
resolve-url-loader 0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/resolve-url-loader
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/request
passport-auth0 <=1.4.0
Depends on vulnerable versions of request
node_modules/passport-auth0
wait-on <=4.0.2
Depends on vulnerable versions of request
node_modules/wait-on
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/simple-update-notifier/node_modules/semver
simple-update-notifier 1.0.7 - 1.1.0
Depends on vulnerable versions of semver
node_modules/simple-update-notifier
nodemon 2.0.19 - 2.0.22
Depends on vulnerable versions of simple-update-notifier
node_modules/nodemon
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/tough-cookie
trim-newlines <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
No fix available
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/meow
us-area-codes *
Depends on vulnerable versions of meow
node_modules/us-area-codes
validator <13.7.0
Severity: moderate
Inefficient Regular Expression Complexity in validator.js - https://github.com/advisories/GHSA-qgmg-gppg-76g5
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/validator
thinky >=1.15.2
Depends on vulnerable versions of validator
node_modules/thinky
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/xml2js
@bandwidth/numbers *
Depends on vulnerable versions of xml2js
node_modules/@bandwidth/numbers
selenium-webdriver 2.43.1 - 4.0.0-rc-2
Depends on vulnerable versions of xml2js
node_modules/selenium-webdriver
62 vulnerabilities (5 low, 25 moderate, 27 high, 5 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Okay, I have a successful product - thus far!
I am getting that these are dependencies that I need to configure:
npm WARN deprecated @babel/[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
npm WARN deprecated @babel/[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
npm WARN deprecated @babel/[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.
Each of the above dependencies was configured in the package.json and yarn.lock files.
- Here is a log of all the commands I have used thus far:
10253 gh repo clone StateVoicesNational/Spoke_Hackathon_Fork
10254 ls
10255 cd Spoke_Hackathon_Fork
10256 git checkout -b node20-update-II
10257 node -v
10258 npm -v
10259 npm outdated
10260 npm install
10261 npm outdated
10262 git status
10263 git add .
10264 git commit -m "Ran npm install and got a yarn.lock file update. Keeping to learning purposes"
10265 npm audit
10266 npm ls
10267 npm outdated --depth
10268 npm install @babel/cli 7.23.4 --save
10269 npm install @babel/[email protected] --save
10270 git status
10271 git add .
10272 git commit -m "Adds @babel/[email protected] to dependencies"
10273 npm ls @babel/[email protected]
10274 npm ls @babel/[email protected] --depth
10275 npm ls @babel/core
10276 npm install @babel/[email protected] --save
10277 git status
10278 git add .
10279 git status"\n"
10280 git status
10281 git add .
10282 git commit -m "Removes web-cli from optional dependencies"
10283 git status
10284 npm ls @babel/traverse
10285 npm install @babel/[email protected] --save
10286 git status
10287 git add .
10288 git commit -m "Adds babel/traverse version 7.23.2 to package and yarn lock"
10289 git push origin node20-update-II
10290 npm audit fix
10291 git status
10292 git add .
10293 git commit -m "Ran npm audit fix"
10294 git push origin node20-update-II
10295 npm audit
10296 npm outdated --depth
10297 npm use
10298 npm install
10299 npm un [email protected]
10300 git status
10301 npm uninstall [email protected]
10302 npm install [email protected] --save
10303 npm install [email protected]
10304 npm install [email protected] --save
10305 npm install
10306 git add .
10307 git commit -m "Adds react-dnd version 7.7.0 to dependencies"
10308 git push origin node20-update-II
10309 npm outdated
10310 npm ls @babel/core
10311 npm audit
10312* npm ls @cypress/request
10313* npm install @cypress/[email protected] --save
10314 npm ls @cypress/request
10315 npm up @cypress/request
10316 git status
10317 yarn dev
10318 cp .env.example .env
10319 yarn dev
10320 npm install [email protected] --save
10321 npm install [email protected]
10322 git status
10323 git add .
10324 history
10325 git status
10326 yarn dev
10327 npm ls aws-sdk --all
10328 npx aws-sdk-js-codemod -t v2-to-v3 /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/extensions/action-handlers/mobilecommons-signup.js
10329 git status
10330 git add .
10331 git commit -m "Updates mobilecommons-signup to remove aws-sdk which is deprecated"
10332 yarn dev
10333 git push origin node20-update-II
10334 npm install @babel/plugin-transform-class-properties
10335 git add .
10336 git commit -m "Adds babel/plugin-transform-class-properties to project dependencies"
10337 yarn dev
10338 git push origin node20-update-II
10339 npm install @babel/plugin-transform-nullish-coalescing-operator --save
10340 git add .
10341 git commit -m "Adds @babel/plugin-transform-nullish-coalescing-operator to project dependencies"
10342 yarn dev
10343 git push origin node20-update-II
10344 npm install @babel/plugin-transform-optional-chaining
10345 git add .
10346 git commit -m "Adds @babel/plugin-transform-optional-chaining into project dependencies"
10347 yarn dev
10348 git push origin node20-update-II
10349 npx aws-sdk-js-codemod -t v2-to-v3 /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/extensions/action-handlers/revere-signup.js
10350 git status
10351 git add .
10352 git commit -m "Upgrades revere-signup to aws-sdk to version 3 standards"
10353 yarn dev
- Okay, so I updated contact loaders `csv-s3-upload/index.js` and there was no breaking change, but then I upgraded `s3-pull/index.js` and the app crashed, mysteriously compiled, but then I couldn't log in.
- As of right now, I am tabling any further updates on `s3-pull/index.js`.
- Updating `jobs.js`, and I have an `ingestMethod` in this document. So I'm expecting something to break when I run `yarn dev`.
CONTACT_LOADERS failed to load ingestMethod csv-upload Error: Cannot find module '@aws-sdk/client-lambda'
Require stack:
3:13:45 PM server.1 | - /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/workers/jobs.js
3:13:45 PM server.1 | - /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/extensions/contact-loaders/helpers.js
3:13:45 PM server.1 | - /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/extensions/contact-loaders/csv-upload/index.js
3:13:45 PM server.1 | - /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/extensions/contact-loaders/index.js
3:13:45 PM server.1 | - /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/server/api/schema.js
3:13:45 PM server.1 | - /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/server/index.js
3:13:45 PM server.1 | - /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/dev-tools/babel-run
- Since I know that the application was working swimmingly before this change, I feel comfortable committing this change and pursuing these required stack documents for proper updates.
- getting an error that a module is missing.
- adding @aws-sdk/s3-request-presigner
- adding @aws-sdk/client-s3
- adding @aws-sdk/client-sqs
- END OF BREAKING CHANGES! YAY!
- I now only have three documents that require the javascript 3 update:
- /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/lambda.js
  - All that happened here was that `const AWS = require("aws-sdk")` was removed from the top, and the application runs successfully. Going to check if there are more documents that have the above const.
  - No other documents have this requirement. The aws-sdk error is officially fixed! YAY!
- /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/server/telemetry.js
  - after installing the two new dependencies, I realized that the application is no longer requesting that I update to javascript s3. But I have one more file to do, the lambda above. Let's see what it requires and how it breaks.
- /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/extensions/job-runners/lambda-async/index.js
  - now using @aws-sdk/client-lambda << might have to install it in dependencies!
  - never mind! it's already installed? Yup! Installed it earlier! Moving on!
- /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/extensions/contact-loaders/s3-pull/index.js (finished with no breaking changes!)
Alright, I have a type error once I started fidgeting around with the application, going to list it below to get help with it from Daniel
4:03:25 PM server.1 | error: TypeError: Field error: value is not an instance of Date
4:03:25 PM server.1 | at serialize (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql-date/index.js:14:5)
4:03:25 PM server.1 | at GraphQLScalarType.serialize (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/type/definition.js:418:12)
4:03:25 PM server.1 | at completeLeafValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:701:37)
4:03:25 PM server.1 | at completeValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:649:12)
4:03:25 PM server.1 | at completeValueWithLocatedError (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:580:21)
4:03:25 PM server.1 | at completeValueCatchingError (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:556:21)
4:03:25 PM server.1 | at resolveField (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:497:10)
4:03:25 PM server.1 | at /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:364:18
4:03:25 PM server.1 | at Array.reduce (<anonymous>)
4:03:25 PM server.1 | at executeFields (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:361:42)
4:03:25 PM server.1 | at collectAndExecuteSubfields (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:772:10)
4:03:25 PM server.1 | at completeObjectValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:762:10)
4:03:25 PM server.1 | at completeValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:660:12)
4:03:25 PM server.1 | at completeValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:629:21)
4:03:25 PM server.1 | at completeValueWithLocatedError (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:580:21)
4:03:25 PM server.1 | at completeValueCatchingError (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:550:12)
4:03:25 PM server.1 | at resolveField (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:497:10)
4:03:25 PM server.1 | at /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:364:18
4:03:25 PM server.1 | at Array.reduce (<anonymous>)
4:03:25 PM server.1 | at executeFields (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:361:42)
4:03:25 PM server.1 | at collectAndExecuteSubfields (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:772:10)
4:03:25 PM server.1 | at completeObjectValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:762:10)
4:03:25 PM server.1 | at completeValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:660:12)
4:03:25 PM server.1 | at completeValueWithLocatedError (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:580:21)
4:03:25 PM server.1 | at completeValueCatchingError (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:556:21)
4:03:25 PM server.1 | at /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:684:25
4:03:25 PM server.1 | at Array.forEach (<anonymous>)
4:03:25 PM server.1 | at forEach (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/iterall/index.js:83:25)
4:03:25 PM server.1 | at completeListValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:680:24)
4:03:25 PM server.1 | at completeValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:643:12)
4:03:25 PM server.1 | at completeValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:629:21)
4:03:25 PM server.1 | at completeValueWithLocatedError (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:580:21)
4:03:25 PM server.1 | at completeValueCatchingError (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:550:12)
4:03:25 PM server.1 | at resolveField (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:497:10)
4:03:25 PM server.1 | at /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:364:18
4:03:25 PM server.1 | at Array.reduce (<anonymous>)
4:03:25 PM server.1 | at executeFields (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:361:42)
4:03:25 PM server.1 | at collectAndExecuteSubfields (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:772:10)
4:03:25 PM server.1 | at completeObjectValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:762:10)
4:03:25 PM server.1 | at completeValue (/Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:660:12)
4:03:25 PM server.1 | at /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/node_modules/graphql/execution/execute.js:617:14
4:03:25 PM server.1 | at async Promise.all (index 0)
4:03:25 PM server.1 | at async Promise.all (index 0) {
4:03:25 PM server.1 | locations: [ { line: 22, column: 9 } ],
4:03:25 PM server.1 | path: [ 'conversations', 'conversations', 0, 'contact', 'updated_at' ]
4:03:25 PM server.1 | },
4:03:25 PM server.1 | msg: 'GraphQL error'
4:03:25 PM server.1 | }