NEWS
js-controller 4.0.x jetzt für alle User im STABLE!
ioBroker Allgemein
501
Beiträge
83
Kommentatoren
156.0k
Aufrufe
58
Watching
-
root@ioBroker:~# npm i iobroker.js-controller@4.0.18 --production added 150 packages, removed 169 packages, changed 46 packages, and audited 311 packages in 1m 16 packages are looking for funding run `npm fund` for details 4 moderate severity vulnerabilities To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. root@ioBroker:~# npm fund root +-- https://opencollective.com/ioredis | `-- ioredis@4.28.5 +-- https://github.com/sindresorhus/execa?sponsor=1 | | `-- execa@5.1.1 | `-- https://github.com/sponsors/sindresorhus | `-- get-stream@6.0.1, is-stream@2.0.1, onetime@5.1.2 +-- https://github.com/sponsors/RubenVerborgh | `-- follow-redirects@1.14.9 +-- https://paulmillr.com/funding/ | | `-- chokidar@3.5.3 | `-- https://github.com/sponsors/jonschlinkert | `-- picomatch@2.3.1 +-- https://github.com/sponsors/feross | `-- safe-buffer@5.2.1 +-- https://github.com/sponsors/ljharb | `-- is-nan@1.3.2, call-bind@1.0.2, get-intrinsic@1.1.1, has-symbols@1.0.3 +-- https://github.com/sponsors/epoberezkin | `-- ajv@6.12.6 `-- https://github.com/chalk/wrap-ansi?sponsor=1 | `-- wrap-ansi@7.0.0 `-- https://github.com/chalk/ansi-styles?sponsor=1 `-- ansi-styles@4.3.0 root@ioBroker:~# npm audit # npm audit report ansi-regex >2.1.1 <5.0.1 Severity: moderate Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via `npm audit fix` node_modules/ansi-regex strip-ansi 4.0.0 - 5.2.0 Depends on vulnerable versions of ansi-regex node_modules/strip-ansi cliui 4.0.0 - 5.0.0 Depends on vulnerable versions of strip-ansi node_modules/cliui yargs 8.0.0-candidate.0 - 15.0.0 Depends on vulnerable versions of cliui Depends on vulnerable versions of yargs-parser node_modules/yargs iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller string-width 2.1.0 - 4.1.0 Depends on vulnerable versions of strip-ansi node_modules/string-width debug <2.6.9 Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c fix available via `npm audit fix` node_modules/engine.io-client/node_modules/debug node_modules/engine.io/node_modules/debug node_modules/socket.io-adapter/node_modules/debug node_modules/socket.io-client/node_modules/debug node_modules/socket.io-parser/node_modules/debug node_modules/socket.io/node_modules/debug engine.io <=4.0.0-alpha.1 Depends on vulnerable versions of debug Depends on vulnerable versions of ws node_modules/engine.io socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client socket.io-adapter <=1.1.0 Depends on vulnerable versions of debug Depends on vulnerable versions of socket.io-parser node_modules/socket.io-adapter socket.io-parser <=3.3.1 Depends on vulnerable versions of debug node_modules/socket.io-parser engine.io <=4.0.0-alpha.1 Severity: high Resource exhaustion in engine.io - https://github.com/advisories/GHSA-j4f2-536g-r55m Depends on vulnerable versions of debug Depends on vulnerable versions of ws fix available via `npm audit fix` node_modules/engine.io socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller iobroker.js-controller <=2.1.1 Severity: high Arbitrary File Write in iobroker.js-controller - https://github.com/advisories/GHSA-cmch-296j-wfvw Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs fix available via `npm audit fix` node_modules/iobroker.js-controller minimist <0.2.1 Severity: moderate Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m fix available via `npm audit fix` node_modules/winston-daily-rotate-file/node_modules/minimist mkdirp 0.4.1 - 0.5.1 Depends on vulnerable versions of minimist node_modules/winston-daily-rotate-file/node_modules/mkdirp winston-daily-rotate-file 1.7.0 - 1.7.2 Depends on vulnerable versions of mkdirp node_modules/winston-daily-rotate-file iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller parsejson * Severity: high Regular Expression Denial of Service in parsejson - https://github.com/advisories/GHSA-q75g-2496-mxpp fix available via `npm audit fix` node_modules/parsejson engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller redis 2.6.0 - 3.1.0 Potential exponential regex in monitor mode - https://github.com/advisories/GHSA-35q2-47q7-3pc3 fix available via `npm audit fix` node_modules/redis iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller socket.io <=2.4.1 Severity: high Insecure defaults due to CORS misconfiguration in socket.io - https://github.com/advisories/GHSA-fxwf-4rqh-v8g3 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-parser fix available via `npm audit fix` node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller socket.io-parser <=3.3.1 Severity: high Resource exhaustion in socket.io-parser - https://github.com/advisories/GHSA-xfhh-g9f5-x4m4 Depends on vulnerable versions of debug fix available via `npm audit fix` node_modules/socket.io-parser socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller socket.io-adapter <=1.1.0 Depends on vulnerable versions of debug Depends on vulnerable versions of socket.io-parser node_modules/socket.io-adapter socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client ws <=1.1.4 Severity: high Denial of Service in ws - https://github.com/advisories/GHSA-5v72-xg48-5rpm fix available via `npm audit fix` node_modules/engine.io-client/node_modules/ws node_modules/engine.io/node_modules/ws engine.io <=4.0.0-alpha.1 Depends on vulnerable versions of debug Depends on vulnerable versions of ws node_modules/engine.io socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client xmlhttprequest-ssl <=1.6.1 Severity: critical Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5 Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg fix available via `npm audit fix` node_modules/xmlhttprequest-ssl engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller yargs-parser 6.0.0 - 13.1.1 Severity: moderate Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp fix available via `npm audit fix` node_modules/yargs-parser yargs 8.0.0-candidate.0 - 15.0.0 Depends on vulnerable versions of cliui Depends on vulnerable versions of yargs-parser node_modules/yargs iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller 21 vulnerabilities (2 low, 9 moderate, 7 high, 3 critical) To address all issues, run: npm audit fixbedeutet das ein npm audit fix ausführen?
@feinfinger sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
bedeutet das ein npm audit fix ausführen?
NEIN..
und stell dich mal richtig hin
cd /opt/iobroker npm i iobroker.js-controller@4.0.18 --productionund erst dann
wobei mach direkt die .19 drauf
npm i iobroker.js-controller@4.0.19 --production -
root@ioBroker:~# npm i iobroker.js-controller@4.0.18 --production added 150 packages, removed 169 packages, changed 46 packages, and audited 311 packages in 1m 16 packages are looking for funding run `npm fund` for details 4 moderate severity vulnerabilities To address all issues (including breaking changes), run: npm audit fix --force Run `npm audit` for details. root@ioBroker:~# npm fund root +-- https://opencollective.com/ioredis | `-- ioredis@4.28.5 +-- https://github.com/sindresorhus/execa?sponsor=1 | | `-- execa@5.1.1 | `-- https://github.com/sponsors/sindresorhus | `-- get-stream@6.0.1, is-stream@2.0.1, onetime@5.1.2 +-- https://github.com/sponsors/RubenVerborgh | `-- follow-redirects@1.14.9 +-- https://paulmillr.com/funding/ | | `-- chokidar@3.5.3 | `-- https://github.com/sponsors/jonschlinkert | `-- picomatch@2.3.1 +-- https://github.com/sponsors/feross | `-- safe-buffer@5.2.1 +-- https://github.com/sponsors/ljharb | `-- is-nan@1.3.2, call-bind@1.0.2, get-intrinsic@1.1.1, has-symbols@1.0.3 +-- https://github.com/sponsors/epoberezkin | `-- ajv@6.12.6 `-- https://github.com/chalk/wrap-ansi?sponsor=1 | `-- wrap-ansi@7.0.0 `-- https://github.com/chalk/ansi-styles?sponsor=1 `-- ansi-styles@4.3.0 root@ioBroker:~# npm audit # npm audit report ansi-regex >2.1.1 <5.0.1 Severity: moderate Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via `npm audit fix` node_modules/ansi-regex strip-ansi 4.0.0 - 5.2.0 Depends on vulnerable versions of ansi-regex node_modules/strip-ansi cliui 4.0.0 - 5.0.0 Depends on vulnerable versions of strip-ansi node_modules/cliui yargs 8.0.0-candidate.0 - 15.0.0 Depends on vulnerable versions of cliui Depends on vulnerable versions of yargs-parser node_modules/yargs iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller string-width 2.1.0 - 4.1.0 Depends on vulnerable versions of strip-ansi node_modules/string-width debug <2.6.9 Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c fix available via `npm audit fix` node_modules/engine.io-client/node_modules/debug node_modules/engine.io/node_modules/debug node_modules/socket.io-adapter/node_modules/debug node_modules/socket.io-client/node_modules/debug node_modules/socket.io-parser/node_modules/debug node_modules/socket.io/node_modules/debug engine.io <=4.0.0-alpha.1 Depends on vulnerable versions of debug Depends on vulnerable versions of ws node_modules/engine.io socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client socket.io-adapter <=1.1.0 Depends on vulnerable versions of debug Depends on vulnerable versions of socket.io-parser node_modules/socket.io-adapter socket.io-parser <=3.3.1 Depends on vulnerable versions of debug node_modules/socket.io-parser engine.io <=4.0.0-alpha.1 Severity: high Resource exhaustion in engine.io - https://github.com/advisories/GHSA-j4f2-536g-r55m Depends on vulnerable versions of debug Depends on vulnerable versions of ws fix available via `npm audit fix` node_modules/engine.io socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller iobroker.js-controller <=2.1.1 Severity: high Arbitrary File Write in iobroker.js-controller - https://github.com/advisories/GHSA-cmch-296j-wfvw Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs fix available via `npm audit fix` node_modules/iobroker.js-controller minimist <0.2.1 Severity: moderate Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m fix available via `npm audit fix` node_modules/winston-daily-rotate-file/node_modules/minimist mkdirp 0.4.1 - 0.5.1 Depends on vulnerable versions of minimist node_modules/winston-daily-rotate-file/node_modules/mkdirp winston-daily-rotate-file 1.7.0 - 1.7.2 Depends on vulnerable versions of mkdirp node_modules/winston-daily-rotate-file iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller parsejson * Severity: high Regular Expression Denial of Service in parsejson - https://github.com/advisories/GHSA-q75g-2496-mxpp fix available via `npm audit fix` node_modules/parsejson engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller redis 2.6.0 - 3.1.0 Potential exponential regex in monitor mode - https://github.com/advisories/GHSA-35q2-47q7-3pc3 fix available via `npm audit fix` node_modules/redis iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller socket.io <=2.4.1 Severity: high Insecure defaults due to CORS misconfiguration in socket.io - https://github.com/advisories/GHSA-fxwf-4rqh-v8g3 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-parser fix available via `npm audit fix` node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller socket.io-parser <=3.3.1 Severity: high Resource exhaustion in socket.io-parser - https://github.com/advisories/GHSA-xfhh-g9f5-x4m4 Depends on vulnerable versions of debug fix available via `npm audit fix` node_modules/socket.io-parser socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller socket.io-adapter <=1.1.0 Depends on vulnerable versions of debug Depends on vulnerable versions of socket.io-parser node_modules/socket.io-adapter socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client ws <=1.1.4 Severity: high Denial of Service in ws - https://github.com/advisories/GHSA-5v72-xg48-5rpm fix available via `npm audit fix` node_modules/engine.io-client/node_modules/ws node_modules/engine.io/node_modules/ws engine.io <=4.0.0-alpha.1 Depends on vulnerable versions of debug Depends on vulnerable versions of ws node_modules/engine.io socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client xmlhttprequest-ssl <=1.6.1 Severity: critical Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5 Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg fix available via `npm audit fix` node_modules/xmlhttprequest-ssl engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller yargs-parser 6.0.0 - 13.1.1 Severity: moderate Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp fix available via `npm audit fix` node_modules/yargs-parser yargs 8.0.0-candidate.0 - 15.0.0 Depends on vulnerable versions of cliui Depends on vulnerable versions of yargs-parser node_modules/yargs iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller 21 vulnerabilities (2 low, 9 moderate, 7 high, 3 critical) To address all issues, run: npm audit fixbedeutet das ein npm audit fix ausführen?
@feinfinger sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
root@ioBroker
Und hüpf da nicht als root rum.
-
@feinfinger sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
bedeutet das ein npm audit fix ausführen?
NEIN..
und stell dich mal richtig hin
cd /opt/iobroker npm i iobroker.js-controller@4.0.18 --productionund erst dann
wobei mach direkt die .19 drauf
npm i iobroker.js-controller@4.0.19 --productionDanke für die Hilfe, aber da ist wohl mehr im Busch.
Frage mich, warum updates bisher immer geklappt haben?
root@ioBroker:/opt/iobroker# npm i iobroker.js-controller@4.0.19 --production npm ERR! code ENOTEMPTY npm ERR! syscall rename npm ERR! path /opt/iobroker/node_modules/abab npm ERR! dest /opt/iobroker/node_modules/.abab-bvmibCm3 npm ERR! errno -39 npm ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/abab' -> '/opt/iobroker/node_modules/.abab-bvmibCm3' npm ERR! A complete log of this run can be found in: npm ERR! /home/iobroker/.npm/_logs/2022-03-07T08_39_26_200Z-debug-0.logiob als LXC im Proxmox
Node.js: v22.19.0
NPM: 10.9.3
js-controller 7.0.7 -
Danke für die Hilfe, aber da ist wohl mehr im Busch.
Frage mich, warum updates bisher immer geklappt haben?
root@ioBroker:/opt/iobroker# npm i iobroker.js-controller@4.0.19 --production npm ERR! code ENOTEMPTY npm ERR! syscall rename npm ERR! path /opt/iobroker/node_modules/abab npm ERR! dest /opt/iobroker/node_modules/.abab-bvmibCm3 npm ERR! errno -39 npm ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/abab' -> '/opt/iobroker/node_modules/.abab-bvmibCm3' npm ERR! A complete log of this run can be found in: npm ERR! /home/iobroker/.npm/_logs/2022-03-07T08_39_26_200Z-debug-0.log@feinfinger sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
directory not empty, rename '/opt/iobroker/node_modules/abab' -> '/opt/iobroker/node_modules/.abab-bvmibCm3'
Dann mach das doch mal.
-
@feinfinger sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
directory not empty, rename '/opt/iobroker/node_modules/abab' -> '/opt/iobroker/node_modules/.abab-bvmibCm3'
Dann mach das doch mal.
Dann kommt der nächste Fehler...
root@ioBroker:/opt/iobroker# npm i iobroker.js-controller@4.0.19 --production npm ERR! code ENOTEMPTY npm ERR! syscall rename npm ERR! path /opt/iobroker/node_modules/abbrev npm ERR! dest /opt/iobroker/node_modules/.abbrev-5eNud0FY npm ERR! errno -39 npm ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/abbrev' -> '/opt/iobroker/node_modules/.abbrev-5eNud0FY'Was mich wundert ist, das diese Ordner alle vorhanden sind...
iob als LXC im Proxmox
Node.js: v22.19.0
NPM: 10.9.3
js-controller 7.0.7 -
Dann kommt der nächste Fehler...
root@ioBroker:/opt/iobroker# npm i iobroker.js-controller@4.0.19 --production npm ERR! code ENOTEMPTY npm ERR! syscall rename npm ERR! path /opt/iobroker/node_modules/abbrev npm ERR! dest /opt/iobroker/node_modules/.abbrev-5eNud0FY npm ERR! errno -39 npm ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/abbrev' -> '/opt/iobroker/node_modules/.abbrev-5eNud0FY'Was mich wundert ist, das diese Ordner alle vorhanden sind...
@feinfinger
Dann mache es nochmal...
Und wie gesagt, hampel da nicht als root rum. -
@feinfinger
Dann mache es nochmal...
Und wie gesagt, hampel da nicht als root rum.@thomas-braun
Und hüpf da nicht als root rum.
Ich habe eben meine Installation (Docker-Image von Buanet) meinen js-Controller auf 4.0.18 hochgezogen. In der Console hab ich dazu 'root@iobroker:/opt/iobroker# iob upgrade self' ausgeführt. Dieser root ist ja so vorgegeben! Ist das ein anderer root, so dass ich den benutzen darf ?Host: Fujitsu Intel(R) Pentium(R) CPU G4560T, 32 GB RAM, Proxmox 8.x + lxc Ubuntu 22.04
ioBroker (8 GB RAM) Node.js: 20.19.1, NPM: 10.8.2, js-Controller: 7.0.6, Admin: 7.6.3
Wetterstation: Froggit WH3000SE V1.6.6 -
@thomas-braun
Und hüpf da nicht als root rum.
Ich habe eben meine Installation (Docker-Image von Buanet) meinen js-Controller auf 4.0.18 hochgezogen. In der Console hab ich dazu 'root@iobroker:/opt/iobroker# iob upgrade self' ausgeführt. Dieser root ist ja so vorgegeben! Ist das ein anderer root, so dass ich den benutzen darf ?@rene55 sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
Dieser root ist ja so vorgegeben!
Auch im Docker kann man user anlegen, wenn es nicht gerade auf sowas wie einer Synology läuft. Da geht's wohl aus irgendwelchen Gründen nicht.
Als standard user zu agieren ist absolut 'best practice' und so in modernen Linux-Distributionen vorgesehen.
-
@rene55 sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
Dieser root ist ja so vorgegeben!
Auch im Docker kann man user anlegen, wenn es nicht gerade auf sowas wie einer Synology läuft. Da geht's wohl aus irgendwelchen Gründen nicht.
Als standard user zu agieren ist absolut 'best practice' und so in modernen Linux-Distributionen vorgesehen.
@thomas-braun Wenn ich eine eigene Linux-Installation mache gibt's immer einen User - root benutz ich gar nicht. Ich werd den Teufel tun, und im Container von Buanet irgendeinen Benutzer anzulegen. Da Frage ich mich doch allen ernstes, warum der Container nicht direkt mit einem separaten Benutzer z.B. iobroker kommt. Hierdrauf brauchst du nicht zu antworten - das weiß nur @buanet.
Host: Fujitsu Intel(R) Pentium(R) CPU G4560T, 32 GB RAM, Proxmox 8.x + lxc Ubuntu 22.04
ioBroker (8 GB RAM) Node.js: 20.19.1, NPM: 10.8.2, js-Controller: 7.0.6, Admin: 7.6.3
Wetterstation: Froggit WH3000SE V1.6.6 -
@thomas-braun Wenn ich eine eigene Linux-Installation mache gibt's immer einen User - root benutz ich gar nicht. Ich werd den Teufel tun, und im Container von Buanet irgendeinen Benutzer anzulegen. Da Frage ich mich doch allen ernstes, warum der Container nicht direkt mit einem separaten Benutzer z.B. iobroker kommt. Hierdrauf brauchst du nicht zu antworten - das weiß nur @buanet.
@rene55 ich habe heute im Docker auf der Synology auch das update auf die 4.0.18 gemacht.
habe bis dato keine Probleme bemerkt, außer:
Vorher zeigte der host im iobroker admin 4% CPU (und im Synology der Container auch ca. 4-5% CPU an).
Nach dem Update zeigt der host im iobroker admin immer noch ca. 4% an, der container im synology allerdings ca. 10%. -
@pupsimupsi sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
Was bedeutet das?
Kann oder muss ich da was tun?Steht oben in der FAQ ... Post #2 in diesem Thread :-)
@apollon77
Hallo zusammen ich habe gerade meinen iobroker updatet und leider läuft er nicht mehr…Die console sagt bei jeden Command das (siehe Bild)
Was ist der Fehler ??
Lg
English -
@apollon77
Hallo zusammen ich habe gerade meinen iobroker updatet und leider läuft er nicht mehr…Die console sagt bei jeden Command das (siehe Bild)
Was ist der Fehler ??
Lg
EnglishScreenshots sind schon Mist. Bilder von Monitoren sind Megamist.
Per ssh einloggen und Konsolentext in CodeTags posten. -
Hallo Zusammen,
ich habe auch vor ein paar Tagen das Update auf 4.x.x durchgeführt.
Im ersten Moment eigentlich alles gut, nur gerade ist mir Folgendes aufgefallen:
https://forum.iobroker.net/topic/53166/fehler-ein-aus-zustand-switch-active-skript
Kann das ein Fehler in der Version 4.0.0 bzw. der neuen Datenbank sein?
Gruß
-
Screenshots sind schon Mist. Bilder von Monitoren sind Megamist.
Per ssh einloggen und Konsolentext in CodeTags posten.@thomas-braun
Ok das nächste Mal werde ich es besser machen.Aber was ist das Problem vom ioBroker ?
-
@thomas-braun
Ok das nächste Mal werde ich es besser machen.Aber was ist das Problem vom ioBroker ?
@mr-english sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
Aber was ist das Problem vom ioBroker ?
Da man das nicht entziffern kann...
Keine Ahnung. -
@thomas-braun
Ok das nächste Mal werde ich es besser machen.Aber was ist das Problem vom ioBroker ?
cd /opt/iobroker/ npm install iobroker.js-controller@4.0.19Ich gehe zumindest davon aus das du diese Version haben willst, oder?
-
@mr-english sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
Aber was ist das Problem vom ioBroker ?
Da man das nicht entziffern kann...
Keine Ahnung.Hier ist es alles noch einmal ordentlich 😁
pi@raspberrypi4-iob:~ $ iob start pi@raspberrypi4-iob:~ $ iob backup internal/modules/cjs/loader.js:818 throw err; ^ Error: Cannot find module '/opt/iobroker/node_modules/iobroker.js-controller/iobroker.js' at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15) at Function.Module._load (internal/modules/cjs/loader.js:667:27) at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12) at internal/main/run_main_module.js:17:47 { code: 'MODULE_NOT_FOUND', requireStack: [] } pi@raspberrypi4-iob:~ $ iob -v internal/modules/cjs/loader.js:818 throw err; ^ Error: Cannot find module '/opt/iobroker/node_modules/iobroker.js-controller/iobroker.js' at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15) at Function.Module._load (internal/modules/cjs/loader.js:667:27) at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12) at internal/main/run_main_module.js:17:47 { code: 'MODULE_NOT_FOUND', requireStack: [] } pi@raspberrypi4-iob:~ $ iob status internal/modules/cjs/loader.js:818 throw err; ^ Error: Cannot find module '/opt/iobroker/node_modules/iobroker.js-controller/iobroker.js' at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15) at Function.Module._load (internal/modules/cjs/loader.js:667:27) at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12) at internal/main/run_main_module.js:17:47 { code: 'MODULE_NOT_FOUND', requireStack: [] } pi@raspberrypi4-iob:~ $ -
Hier ist es alles noch einmal ordentlich 😁
pi@raspberrypi4-iob:~ $ iob start pi@raspberrypi4-iob:~ $ iob backup internal/modules/cjs/loader.js:818 throw err; ^ Error: Cannot find module '/opt/iobroker/node_modules/iobroker.js-controller/iobroker.js' at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15) at Function.Module._load (internal/modules/cjs/loader.js:667:27) at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12) at internal/main/run_main_module.js:17:47 { code: 'MODULE_NOT_FOUND', requireStack: [] } pi@raspberrypi4-iob:~ $ iob -v internal/modules/cjs/loader.js:818 throw err; ^ Error: Cannot find module '/opt/iobroker/node_modules/iobroker.js-controller/iobroker.js' at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15) at Function.Module._load (internal/modules/cjs/loader.js:667:27) at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12) at internal/main/run_main_module.js:17:47 { code: 'MODULE_NOT_FOUND', requireStack: [] } pi@raspberrypi4-iob:~ $ iob status internal/modules/cjs/loader.js:818 throw err; ^ Error: Cannot find module '/opt/iobroker/node_modules/iobroker.js-controller/iobroker.js' at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15) at Function.Module._load (internal/modules/cjs/loader.js:667:27) at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12) at internal/main/run_main_module.js:17:47 { code: 'MODULE_NOT_FOUND', requireStack: [] } pi@raspberrypi4-iob:~ $ -
@thomas-braun sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
sudo -H -u iobroker npm install iobroker.js-controller
Tztztz… Direkt immer der Holzhammer :grinning: :grimacing:
Bitte keine Fragen per PN, die gehören ins Forum!
Benutzt das Voting rechts unten im Beitrag wenn er euch geholfen hat.
-
@thomas-braun sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
sudo -H -u iobroker npm install iobroker.js-controller
Tztztz… Direkt immer der Holzhammer :grinning: :grimacing:
@wendy2702 sagte in js-controller 4.0.x jetzt für alle User im STABLE!:
Tztztz… Direkt immer der Holzhammer
Warum Holzhammer? Das bringt jedenfalls gleich die korrekten owner mit.
373
Online32.4k
Benutzer81.5k
Themen1.3m
Beiträge