Comments (6)
Yes, with your workaround the installation is done with the last version, that's better, but there is still the vulnerabilities issue. I was able to reproduce it with your example too:
$ npm i --save @readme/markdown
npm WARN deprecated [email protected]: Use String.prototype.trim() instead
npm WARN deprecated [email protected]: Use String.prototype.trim() instead
npm WARN deprecated [email protected]: this package has been merged into graphql-language-service
npm WARN deprecated [email protected]: this package has been merged into graphql-language-service
npm WARN deprecated [email protected]: this package has been merged into graphql-language-service
npm WARN deprecated [email protected]: this package has been merged into graphql-language-service
added 266 packages, and audited 267 packages in 3s
86 packages are looking for funding
run `npm fund` for details
5 vulnerabilities (2 moderate, 3 high)
To address all issues, run:
npm audit fix
Run `npm audit` for details.
Thank you for your time.
> Yes with your workaround the installation is done with the last version, that's better, but there is still the vulnerabilities issue. I was able to reproduce it with your example too :
Ah yes, thanks! Working an update now, have to fix some upstream deps.
Scratch that. v6.75.1 tried to use npm-shrinkwrap.json to handle overriding implicit dependencies with security warnings. But that was causing me too many issues. I've released v6.76.0 that rolls that back.
Most of the warnings are fixed, but you'll have to do an override yourself:
$ npm init -y
$ npm i @readme/markdown@latest --legacy-peer-deps # @readme/variable needs a dependency update still
Update package.json:
{
  "name": "test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "@readme/markdown": "^6.76.0"
  },
  "overrides": {
    "trim": "1.0.1"
  }
}
$ npm i
$ npm audit
found 0 vulnerabilities
> found 0 vulnerabilities
Thank you very much!
Hmm, I'm very confused why it's trying to install react@18?
Locally, I was able to reproduce this with:
npm init -y
npm i --save @readme/markdown
I get this error:
$ npm i --save @readme/markdown
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/react
npm ERR! peer react@"16.x || 17.x || 18.x" from @readme/[email protected]
npm ERR! node_modules/@readme/variable
npm ERR! peer @readme/variable@"^15.1.3" from @readme/[email protected]
npm ERR! node_modules/@readme/markdown
npm ERR! @readme/markdown@"*" from the root project
npm ERR! peer react@"^18.2.0" from [email protected]
npm ERR! node_modules/react-dom
npm ERR! peer react-dom@"16.x || 17.x || 18.x" from @readme/[email protected]
npm ERR! node_modules/@readme/variable
npm ERR! peer @readme/variable@"^15.1.3" from @readme/[email protected]
npm ERR! node_modules/@readme/markdown
npm ERR! @readme/markdown@"*" from the root project
npm ERR! peer react-dom@">=16.8" from @tippyjs/[email protected]
npm ERR! node_modules/@tippyjs/react
npm ERR! peer @tippyjs/react@"^4.1.0" from @readme/[email protected]
npm ERR! node_modules/@readme/markdown
npm ERR! @readme/markdown@"*" from the root project
npm ERR! 1 more (@tippyjs/react)
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^16.14.0" from @readme/[email protected]
npm ERR! node_modules/@readme/markdown
npm ERR! @readme/markdown@"*" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR!
npm ERR! For a full report see:
npm ERR! /home/kelly/.npm/_logs/2024-03-06T19_12_17_802Z-eresolve-report.txt
npm ERR! A complete log of this run can be found in: /home/kelly/.npm/_logs/2024-03-06T19_12_17_802Z-debug-0.log
I was able to work around it with the overrides config.
My test package.json:
{
  "name": "test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "overrides": {
    "@readme/variable": {
      "react": "16.x"
    }
  },
  "dependencies": {
    "@readme/markdown": "^6.74.2"
  }
}
The workaround is the section:
  "overrides": {
    "@readme/variable": {
      "react": "16.x"
    }
  },
which forces installing react@16.
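Added example, not part of the thread or the project's code: a check that the two `overrides` shapes used in the comments above (the flat `trim` pin and the nested `@readme/variable` / `react` pin) actually took effect in the `packages` map of `package-lock.json`. The lockfile contents, all versions in it and the `some-parser` package are constructed, and only exact and `N.x` specs are handled.

```javascript
// Added example: versions and the "some-parser" package are constructed.
const pkg = {
  overrides: { trim: "1.0.1", "@readme/variable": { react: "16.x" } },
};
// Lockfile v2/v3 "packages" map in which two entries escaped the overrides.
const staleLock = {
  packages: {
    "": { name: "test" },
    "node_modules/@readme/variable": { version: "15.0.0" },
    "node_modules/react": { version: "18.2.0" },
    "node_modules/trim": { version: "1.0.1" },
    "node_modules/some-parser/node_modules/trim": { version: "0.0.1" },
  },
};
// Only the two spec shapes used in the thread: exact ("1.0.1") and "N.x".
function satisfies(version, spec) {
  const m = /^(\d+)\.x$/.exec(spec);
  return m ? version.split(".")[0] === m[1] : version === spec;
}
// Node-style lookup: nearest node_modules first, then walk up to the root.
function resolveFrom(packages, parent, dep) {
  for (let base = parent; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}
// Returns one string per installed copy that does not match its override.
function checkOverrides(pkg, lock) {
  const packages = lock.packages || {};
  const copies = (name) =>
    Object.keys(packages).filter((p) => p.endsWith("node_modules/" + name));
  const bad = [];
  const check = (path, spec) => {
    if (path && typeof spec === "string" && !satisfies(packages[path].version, spec))
      bad.push(`${path}@${packages[path].version} (want ${spec})`);
  };
  for (const [name, spec] of Object.entries(pkg.overrides || {})) {
    if (typeof spec === "string") copies(name).forEach((p) => check(p, spec));
    else
      for (const parent of copies(name))
        for (const [dep, depSpec] of Object.entries(spec))
          check(resolveFrom(packages, parent, dep), depSpec);
  }
  return bad;
}
console.log(checkOverrides(pkg, staleLock));
```

A non-empty result means the lockfile still pins a copy outside the override, which is the case where `npm audit` keeps reporting the advisory after `package.json` was edited.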
Can you try the latest release, v6.75.1?