NEWS
Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update
Error/Bug
169
Beiträge
15
Kommentatoren
24.1k
Aufrufe
12
Watching
-
@thomas-braun ich habe die gleichen Probleme zur Zeit mit drei Adapter, die mit Error 25 bei dem Update fehlschlagen.
- Info Adapter
- Telegram Adapter
- Web-Server
Ich habe gestern mein System auf Debian11 Bullseye, Nodejs 16 und NPM 8 angehoben:
xx@iobroker-prod:~$ which nodejs && nodejs -v && which node && node -v && which npm && npm -v && apt policy nodejs /usr/bin/nodejs v16.15.1 /usr/bin/node v16.15.1 /usr/bin/npm 8.11.0 nodejs: Installiert: 16.15.1-deb-1nodesource1 Installationskandidat: 16.15.1-deb-1nodesource1 Versionstabelle: *** 16.15.1-deb-1nodesource1 100 100 /var/lib/dpkg/status 14.19.3-deb-1nodesource1 500 500 https://deb.nodesource.com/node_14.x bullseye/main amd64 Packages 12.22.5~dfsg-2~11u1 500 500 http://ftp.de.debian.org/debian bullseye/main amd64 Packages 500 http://security.debian.org/debian-security bullseye-security/main amd64 PackagesIch habe den Verlauf hier nach bestem Wissen und Gewissen verfolgt, komme aber nicht weiter. Wenn ich den Info Adapter update mit
iobroker upgrade info --debugdann bekomme ich folgendes:
This upgrade of "info" will introduce the following changes: ========================================================================== -> 1.9.19: Fix audio, USB, bluetooth and printer view ========================================================================== Would you like to upgrade info from @1.9.18 to @1.9.19 now? [(y)es, (n)o]: y Update info from @1.9.18 to @1.9.19 NPM version: 8.11.0 Installing iobroker.info@1.9.19... (System call) npm ERR! code ENOTEMPTY npm ERR! syscall rename npm ERR! path /opt/iobroker/node_modules/abab npm ERR! dest /opt/iobroker/node_modules/.abab-bvmibCm3 npm ERR! errno -39 npm ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/abab' -> '/opt/iobroker/node_modules/.abab-bvmibCm3' npm ERR! A complete log of this run can be found in: npm ERR! /home/iobroker/.npm/_logs/2022-06-24T08_42_05_829Z-debug-0.log host.iobroker-prod Cannot install iobroker.info@1.9.19: 217Debug Telegram Update
xx@iobroker-prod:~$ iobroker upgrade telegram --debug This upgrade of "telegram" will introduce the following changes: ========================================================================== -> 1.12.6: Fix crash cases reported by Sentry -> 1.12.5: Fix crash cases reported by Sentry -> 1.12.4: Fix crash cases reported by Sentry -> 1.12.3: Make sure also not set states can be queried - will return "State not set" in this case! ========================================================================== Would you like to upgrade telegram from @1.12.2 to @1.12.6 now? [(y)es, (n)o]: y Update telegram from @1.12.2 to @1.12.6 NPM version: 8.11.0 Installing iobroker.telegram@1.12.6... (System call) npm ERR! code ENOTEMPTY npm ERR! syscall rename npm ERR! path /opt/iobroker/node_modules/abab npm ERR! dest /opt/iobroker/node_modules/.abab-bvmibCm3 npm ERR! errno -39 npm ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/abab' -> '/opt/iobroker/node_modules/.abab-bvmibCm3' npm ERR! A complete log of this run can be found in: npm ERR! /home/iobroker/.npm/_logs/2022-06-24T09_17_07_612Z-debug-0.log host.iobroker-prod Cannot install iobroker.telegram@1.12.6: 217Debug Web Update
xx@iobroker-prod:~$ iobroker upgrade web --debug This upgrade of "web" will introduce the following changes: ========================================================================== -> 4.3.0: Added support of rest-api ========================================================================== Would you like to upgrade web from @4.2.3 to @4.3.0 now? [(y)es, (n)o]: y Update web from @4.2.3 to @4.3.0 host.iobroker-prod Adapter "system.adapter.web.0" is stopped. NPM version: 8.11.0 Installing iobroker.web@4.3.0... (System call) npm ERR! code ENOTEMPTY npm ERR! syscall rename npm ERR! path /opt/iobroker/node_modules/abbrev npm ERR! dest /opt/iobroker/node_modules/.abbrev-5eNud0FY npm ERR! errno -39 npm ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/abbrev' -> '/opt/iobroker/node_modules/.abbrev-5eNud0FY' npm ERR! A complete log of this run can be found in: npm ERR! /home/iobroker/.npm/_logs/2022-06-24T09_20_20_797Z-debug-0.log host.iobroker-prod Cannot install iobroker.web@4.3.0: 217Was kann ich tun, um die Fehler zu beheben?
@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:
Was kann ich tun, um die Fehler zu beheben?
Verzeichnisse umbenennen.
Und das node16-Repository nochmal anlegen oder die nodesource.list bearbeiten. Das fehlt bei dir und das node16-Paket hängt gerade in der Luft. -
@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:
Was kann ich tun, um die Fehler zu beheben?
Verzeichnisse umbenennen.
Und das node16-Repository nochmal anlegen oder die nodesource.list bearbeiten. Das fehlt bei dir und das node16-Paket hängt gerade in der Luft.@thomas-braun Danke für die schnelle Info!
Ich habe das Gefühl, dass das eine Endloskette wird.
Sobald ich ein Verzeichnis umbenannt habe, kommt beim erneuten ausführen voniobroker upgrade info --debugjedes mal ein neues Verzeichnis, das umbenannt werden möchte. Ist das so richtig? In dem Ordner
node_modules
sind ein paar Unterordner vorhanden, falls die jetzt alle umbenannt werden wollen. ;-) -
@thomas-braun Danke für die schnelle Info!
Ich habe das Gefühl, dass das eine Endloskette wird.
Sobald ich ein Verzeichnis umbenannt habe, kommt beim erneuten ausführen voniobroker upgrade info --debugjedes mal ein neues Verzeichnis, das umbenannt werden möchte. Ist das so richtig? In dem Ordner
node_modules
sind ein paar Unterordner vorhanden, falls die jetzt alle umbenannt werden wollen. ;-)@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:
Ist das so richtig?
Ja.
-
@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:
Was kann ich tun, um die Fehler zu beheben?
Verzeichnisse umbenennen.
Und das node16-Repository nochmal anlegen oder die nodesource.list bearbeiten. Das fehlt bei dir und das node16-Paket hängt gerade in der Luft.@thomas-braun
Die Verzeichnisse sind umbenannt. Jetzt lautet die Fehlermeldung:iobroker upgrade info --debug Installation broken or unknown objects type: jsonl configured.Was meinst du genau mit:
Und das node16-Repository nochmal anlegen oder die nodesource.list bearbeiten.
Was muss ich hier genau machen? Entschuldige bitte, ich bin nicht der Linux Profi. ;-)
-
@thomas-braun
Die Verzeichnisse sind umbenannt. Jetzt lautet die Fehlermeldung:iobroker upgrade info --debug Installation broken or unknown objects type: jsonl configured.Was meinst du genau mit:
Und das node16-Repository nochmal anlegen oder die nodesource.list bearbeiten.
Was muss ich hier genau machen? Entschuldige bitte, ich bin nicht der Linux Profi. ;-)
Schau in meiner Signatur, da erkläre ich wie man mit Repos anlegt, insbesondere das nodesource/nodejs-Repository.
In deiner nodesource.list fehlt eine Zeile die sich auf node16 bezieht
-
@thomas-braun
Die Verzeichnisse sind umbenannt. Jetzt lautet die Fehlermeldung:iobroker upgrade info --debug Installation broken or unknown objects type: jsonl configured.Was meinst du genau mit:
Und das node16-Repository nochmal anlegen oder die nodesource.list bearbeiten.
Was muss ich hier genau machen? Entschuldige bitte, ich bin nicht der Linux Profi. ;-)
-
-
iobroker update -i Installation broken or unknown objects type: jsonl configured.Mehr nicht? Bitte besser die kompletten Ein- und Ausgabezeilen zeigen, dann kann man das besser einordnen.
iobroker status iobroker list instances iobroker list adapters -
Mehr nicht? Bitte besser die kompletten Ein- und Ausgabezeilen zeigen, dann kann man das besser einordnen.
iobroker status iobroker list instances iobroker list adapters@thomas-braun mehr wird nicht in der Console angezeigt:
xx@iobroker-prod:~$ iobroker update -i Installation broken or unknown objects type: jsonl configured. xx@iobroker-prod:~$ iobroker list instances Installation broken or unknown objects type: jsonl configured. xx@iobroker-prod:~$ iobroker list adapters Installation broken or unknown objects type: jsonl configured. xx@iobroker-prod:~$ -
@thomas-braun mehr wird nicht in der Console angezeigt:
xx@iobroker-prod:~$ iobroker update -i Installation broken or unknown objects type: jsonl configured. xx@iobroker-prod:~$ iobroker list instances Installation broken or unknown objects type: jsonl configured. xx@iobroker-prod:~$ iobroker list adapters Installation broken or unknown objects type: jsonl configured. xx@iobroker-prod:~$Installier den js-controller nochmal drüber
-
@thomas-braun mehr wird nicht in der Console angezeigt:
xx@iobroker-prod:~$ iobroker update -i Installation broken or unknown objects type: jsonl configured. xx@iobroker-prod:~$ iobroker list instances Installation broken or unknown objects type: jsonl configured. xx@iobroker-prod:~$ iobroker list adapters Installation broken or unknown objects type: jsonl configured. xx@iobroker-prod:~$@taba_luga xx ist auch ein einfallsreicher Username :joy:
-
Installier den js-controller nochmal drüber
xx@iobroker-prod:~$ npm install iobroker.js-controller npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 added 309 packages, and audited 310 packages in 1m 18 packages are looking for funding run `npm fund` for details 4 vulnerabilities (3 moderate, 1 high) To address all issues, run: npm audit fix Run `npm audit` for details. xx@iobroker-prod:~$und hier npm audit und npm audit --force
xx@iobroker-prod:~$ npm audit # npm audit report node-forge <=1.2.1 Severity: high Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5 Prototype Pollution in node-forge util.setPath API - https://github.com/advisories/GHSA-wxgw-qj99-44c2 URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq Prototype Pollution in node-forge - https://github.com/advisories/GHSA-92xj-mqp7-vmcj Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765 fix available via `npm audit fix --force` Will install iobroker.js-controller@1.5.3, which is a breaking change node_modules/rsa-compat/node_modules/node-forge rsa-compat <=1.9.4 Depends on vulnerable versions of node-forge node_modules/rsa-compat le-acme-core * Depends on vulnerable versions of rsa-compat node_modules/le-acme-core iobroker.js-controller >=1.5.4 Depends on vulnerable versions of le-acme-core node_modules/iobroker.js-controller 4 vulnerabilities (3 moderate, 1 high) To address all issues (including breaking changes), run: npm audit fix --force xx@iobroker-prod:~$ npm audit fix --force npm WARN using --force Recommended protections disabled. npm WARN audit Updating iobroker.js-controller to 1.5.3,which is a SemVer major change. npm WARN deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3 npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) added 173 packages, removed 145 packages, changed 48 packages, and audited 334 packages in 51s 13 packages are looking for funding run `npm fund` for details # npm audit report debug <2.6.9 Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/engine.io-client/node_modules/debug node_modules/engine.io/node_modules/debug node_modules/socket.io-adapter/node_modules/debug node_modules/socket.io-client/node_modules/debug node_modules/socket.io-parser/node_modules/debug node_modules/socket.io/node_modules/debug engine.io <=4.0.0-alpha.1 Depends on vulnerable versions of debug Depends on vulnerable versions of ws node_modules/engine.io socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-adapter Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client socket.io-adapter <=1.1.0 Depends on vulnerable versions of debug Depends on vulnerable versions of socket.io-parser node_modules/socket.io-adapter socket.io-parser <=3.3.1 Depends on vulnerable versions of debug node_modules/socket.io-parser minimist <=1.2.5 Severity: critical Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/winston-daily-rotate-file/node_modules/minimist mkdirp 0.4.1 - 0.5.1 Depends on vulnerable versions of minimist node_modules/winston-daily-rotate-file/node_modules/mkdirp winston-daily-rotate-file 1.7.0 - 1.7.2 Depends on vulnerable versions of mkdirp node_modules/winston-daily-rotate-file parsejson * Severity: high Regular Expression Denial of Service in parsejson - https://github.com/advisories/GHSA-q75g-2496-mxpp fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/parsejson redis 2.6.0 - 3.1.0 Severity: high Potential exponential regex in monitor mode - https://github.com/advisories/GHSA-35q2-47q7-3pc3 fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/redis ws <=1.1.4 Severity: high Denial of Service in ws - https://github.com/advisories/GHSA-5v72-xg48-5rpm fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/engine.io-client/node_modules/ws node_modules/engine.io/node_modules/ws xmlhttprequest-ssl <=1.6.1 Severity: critical Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5 Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/xmlhttprequest-ssl yargs-parser 6.0.0 - 13.1.1 Severity: moderate Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/yargs-parser yargs 8.0.0-candidate.0 - 12.0.5 Depends on vulnerable versions of yargs-parser node_modules/yargs 17 vulnerabilities (1 low, 4 moderate, 8 high, 4 critical) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force xx@iobroker-prod:~$Das hat leider zu keiner Verbesserung geführt
-
xx@iobroker-prod:~$ npm install iobroker.js-controller npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 added 309 packages, and audited 310 packages in 1m 18 packages are looking for funding run `npm fund` for details 4 vulnerabilities (3 moderate, 1 high) To address all issues, run: npm audit fix Run `npm audit` for details. xx@iobroker-prod:~$und hier npm audit und npm audit --force
xx@iobroker-prod:~$ npm audit # npm audit report node-forge <=1.2.1 Severity: high Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5 Prototype Pollution in node-forge util.setPath API - https://github.com/advisories/GHSA-wxgw-qj99-44c2 URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq Prototype Pollution in node-forge - https://github.com/advisories/GHSA-92xj-mqp7-vmcj Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765 fix available via `npm audit fix --force` Will install iobroker.js-controller@1.5.3, which is a breaking change node_modules/rsa-compat/node_modules/node-forge rsa-compat <=1.9.4 Depends on vulnerable versions of node-forge node_modules/rsa-compat le-acme-core * Depends on vulnerable versions of rsa-compat node_modules/le-acme-core iobroker.js-controller >=1.5.4 Depends on vulnerable versions of le-acme-core node_modules/iobroker.js-controller 4 vulnerabilities (3 moderate, 1 high) To address all issues (including breaking changes), run: npm audit fix --force xx@iobroker-prod:~$ npm audit fix --force npm WARN using --force Recommended protections disabled. npm WARN audit Updating iobroker.js-controller to 1.5.3,which is a SemVer major change. npm WARN deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3 npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) added 173 packages, removed 145 packages, changed 48 packages, and audited 334 packages in 51s 13 packages are looking for funding run `npm fund` for details # npm audit report debug <2.6.9 Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/engine.io-client/node_modules/debug node_modules/engine.io/node_modules/debug node_modules/socket.io-adapter/node_modules/debug node_modules/socket.io-client/node_modules/debug node_modules/socket.io-parser/node_modules/debug node_modules/socket.io/node_modules/debug engine.io <=4.0.0-alpha.1 Depends on vulnerable versions of debug Depends on vulnerable versions of ws node_modules/engine.io socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-adapter Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client socket.io-adapter <=1.1.0 Depends on vulnerable versions of debug Depends on vulnerable versions of socket.io-parser node_modules/socket.io-adapter socket.io-parser <=3.3.1 Depends on vulnerable versions of debug node_modules/socket.io-parser minimist <=1.2.5 Severity: critical Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/winston-daily-rotate-file/node_modules/minimist mkdirp 0.4.1 - 0.5.1 Depends on vulnerable versions of minimist node_modules/winston-daily-rotate-file/node_modules/mkdirp winston-daily-rotate-file 1.7.0 - 1.7.2 Depends on vulnerable versions of mkdirp node_modules/winston-daily-rotate-file parsejson * Severity: high Regular Expression Denial of Service in parsejson - https://github.com/advisories/GHSA-q75g-2496-mxpp fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/parsejson redis 2.6.0 - 3.1.0 Severity: high Potential exponential regex in monitor mode - https://github.com/advisories/GHSA-35q2-47q7-3pc3 fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/redis ws <=1.1.4 Severity: high Denial of Service in ws - https://github.com/advisories/GHSA-5v72-xg48-5rpm fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/engine.io-client/node_modules/ws node_modules/engine.io/node_modules/ws xmlhttprequest-ssl <=1.6.1 Severity: critical Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5 Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/xmlhttprequest-ssl yargs-parser 6.0.0 - 13.1.1 Severity: moderate Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/yargs-parser yargs 8.0.0-candidate.0 - 12.0.5 Depends on vulnerable versions of yargs-parser node_modules/yargs 17 vulnerabilities (1 low, 4 moderate, 8 high, 4 critical) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force xx@iobroker-prod:~$Das hat leider zu keiner Verbesserung geführt
@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:
und hier npm audit und npm audit --force
wieso machst du so etwas?
-
@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:
und hier npm audit und npm audit --force
wieso machst du so etwas?
-
xx@iobroker-prod:~$ npm install iobroker.js-controller npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 added 309 packages, and audited 310 packages in 1m 18 packages are looking for funding run `npm fund` for details 4 vulnerabilities (3 moderate, 1 high) To address all issues, run: npm audit fix Run `npm audit` for details. xx@iobroker-prod:~$und hier npm audit und npm audit --force
xx@iobroker-prod:~$ npm audit # npm audit report node-forge <=1.2.1 Severity: high Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5 Prototype Pollution in node-forge util.setPath API - https://github.com/advisories/GHSA-wxgw-qj99-44c2 URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq Prototype Pollution in node-forge - https://github.com/advisories/GHSA-92xj-mqp7-vmcj Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765 fix available via `npm audit fix --force` Will install iobroker.js-controller@1.5.3, which is a breaking change node_modules/rsa-compat/node_modules/node-forge rsa-compat <=1.9.4 Depends on vulnerable versions of node-forge node_modules/rsa-compat le-acme-core * Depends on vulnerable versions of rsa-compat node_modules/le-acme-core iobroker.js-controller >=1.5.4 Depends on vulnerable versions of le-acme-core node_modules/iobroker.js-controller 4 vulnerabilities (3 moderate, 1 high) To address all issues (including breaking changes), run: npm audit fix --force xx@iobroker-prod:~$ npm audit fix --force npm WARN using --force Recommended protections disabled. npm WARN audit Updating iobroker.js-controller to 1.5.3,which is a SemVer major change. npm WARN deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3 npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) added 173 packages, removed 145 packages, changed 48 packages, and audited 334 packages in 51s 13 packages are looking for funding run `npm fund` for details # npm audit report debug <2.6.9 Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/engine.io-client/node_modules/debug node_modules/engine.io/node_modules/debug node_modules/socket.io-adapter/node_modules/debug node_modules/socket.io-client/node_modules/debug node_modules/socket.io-parser/node_modules/debug node_modules/socket.io/node_modules/debug engine.io <=4.0.0-alpha.1 Depends on vulnerable versions of debug Depends on vulnerable versions of ws node_modules/engine.io socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-adapter Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client socket.io-adapter <=1.1.0 Depends on vulnerable versions of debug Depends on vulnerable versions of socket.io-parser node_modules/socket.io-adapter socket.io-parser <=3.3.1 Depends on vulnerable versions of debug node_modules/socket.io-parser minimist <=1.2.5 Severity: critical Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/winston-daily-rotate-file/node_modules/minimist mkdirp 0.4.1 - 0.5.1 Depends on vulnerable versions of minimist node_modules/winston-daily-rotate-file/node_modules/mkdirp winston-daily-rotate-file 1.7.0 - 1.7.2 Depends on vulnerable versions of mkdirp node_modules/winston-daily-rotate-file parsejson * Severity: high Regular Expression Denial of Service in parsejson - https://github.com/advisories/GHSA-q75g-2496-mxpp fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/parsejson redis 2.6.0 - 3.1.0 Severity: high Potential exponential regex in monitor mode - https://github.com/advisories/GHSA-35q2-47q7-3pc3 fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/redis ws <=1.1.4 Severity: high Denial of Service in ws - https://github.com/advisories/GHSA-5v72-xg48-5rpm fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/engine.io-client/node_modules/ws node_modules/engine.io/node_modules/ws xmlhttprequest-ssl <=1.6.1 Severity: critical Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5 Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/xmlhttprequest-ssl yargs-parser 6.0.0 - 13.1.1 Severity: moderate Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/yargs-parser yargs 8.0.0-candidate.0 - 12.0.5 Depends on vulnerable versions of yargs-parser node_modules/yargs 17 vulnerabilities (1 low, 4 moderate, 8 high, 4 critical) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force xx@iobroker-prod:~$Das hat leider zu keiner Verbesserung geführt
@taba_luga hoffe das npm install war im richtigen ordner (/opt/iobroker) und ja audit fix lassen
-
xx@iobroker-prod:~$ npm install iobroker.js-controller npm WARN deprecated har-validator@5.1.5: this library is no longer supported npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142 added 309 packages, and audited 310 packages in 1m 18 packages are looking for funding run `npm fund` for details 4 vulnerabilities (3 moderate, 1 high) To address all issues, run: npm audit fix Run `npm audit` for details. xx@iobroker-prod:~$und hier npm audit und npm audit --force
xx@iobroker-prod:~$ npm audit # npm audit report node-forge <=1.2.1 Severity: high Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5 Prototype Pollution in node-forge util.setPath API - https://github.com/advisories/GHSA-wxgw-qj99-44c2 URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq Prototype Pollution in node-forge - https://github.com/advisories/GHSA-92xj-mqp7-vmcj Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765 fix available via `npm audit fix --force` Will install iobroker.js-controller@1.5.3, which is a breaking change node_modules/rsa-compat/node_modules/node-forge rsa-compat <=1.9.4 Depends on vulnerable versions of node-forge node_modules/rsa-compat le-acme-core * Depends on vulnerable versions of rsa-compat node_modules/le-acme-core iobroker.js-controller >=1.5.4 Depends on vulnerable versions of le-acme-core node_modules/iobroker.js-controller 4 vulnerabilities (3 moderate, 1 high) To address all issues (including breaking changes), run: npm audit fix --force xx@iobroker-prod:~$ npm audit fix --force npm WARN using --force Recommended protections disabled. npm WARN audit Updating iobroker.js-controller to 1.5.3,which is a SemVer major change. npm WARN deprecated json3@3.3.2: Please use the native JSON object instead of JSON 3 npm WARN deprecated mkdirp@0.5.1: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) added 173 packages, removed 145 packages, changed 48 packages, and audited 334 packages in 51s 13 packages are looking for funding run `npm fund` for details # npm audit report debug <2.6.9 Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/engine.io-client/node_modules/debug node_modules/engine.io/node_modules/debug node_modules/socket.io-adapter/node_modules/debug node_modules/socket.io-client/node_modules/debug node_modules/socket.io-parser/node_modules/debug node_modules/socket.io/node_modules/debug engine.io <=4.0.0-alpha.1 Depends on vulnerable versions of debug Depends on vulnerable versions of ws node_modules/engine.io socket.io <=2.4.1 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io Depends on vulnerable versions of socket.io-adapter Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io iobroker.js-controller <=2.1.1 Depends on vulnerable versions of redis Depends on vulnerable versions of socket.io Depends on vulnerable versions of socket.io-client Depends on vulnerable versions of winston-daily-rotate-file Depends on vulnerable versions of yargs node_modules/iobroker.js-controller engine.io-client <=3.3.2 || 3.4.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3 Depends on vulnerable versions of debug Depends on vulnerable versions of parsejson Depends on vulnerable versions of ws Depends on vulnerable versions of xmlhttprequest-ssl node_modules/engine.io-client socket.io-client 1.0.0-pre - 2.1.1 || 2.3.0 - 2.3.1 || 3.0.0-rc1 - 3.0.5 Depends on vulnerable versions of debug Depends on vulnerable versions of engine.io-client Depends on vulnerable versions of socket.io-parser node_modules/socket.io-client socket.io-adapter <=1.1.0 Depends on vulnerable versions of debug Depends on vulnerable versions of socket.io-parser node_modules/socket.io-adapter socket.io-parser <=3.3.1 Depends on vulnerable versions of debug node_modules/socket.io-parser minimist <=1.2.5 Severity: critical Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/winston-daily-rotate-file/node_modules/minimist mkdirp 0.4.1 - 0.5.1 Depends on vulnerable versions of minimist node_modules/winston-daily-rotate-file/node_modules/mkdirp winston-daily-rotate-file 1.7.0 - 1.7.2 Depends on vulnerable versions of mkdirp node_modules/winston-daily-rotate-file parsejson * Severity: high Regular Expression Denial of Service in parsejson - https://github.com/advisories/GHSA-q75g-2496-mxpp fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/parsejson redis 2.6.0 - 3.1.0 Severity: high Potential exponential regex in monitor mode - https://github.com/advisories/GHSA-35q2-47q7-3pc3 fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/redis ws <=1.1.4 Severity: high Denial of Service in ws - https://github.com/advisories/GHSA-5v72-xg48-5rpm fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/engine.io-client/node_modules/ws node_modules/engine.io/node_modules/ws xmlhttprequest-ssl <=1.6.1 Severity: critical Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5 Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/xmlhttprequest-ssl yargs-parser 6.0.0 - 13.1.1 Severity: moderate Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp fix available via `npm audit fix --force` Will install iobroker.js-controller@4.0.23, which is a breaking change node_modules/yargs-parser yargs 8.0.0-candidate.0 - 12.0.5 Depends on vulnerable versions of yargs-parser node_modules/yargs 17 vulnerabilities (1 low, 4 moderate, 8 high, 4 critical) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force xx@iobroker-prod:~$Das hat leider zu keiner Verbesserung geführt
@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:
Falsches Verzeichnis:
xx@iobroker-prod:~$ npm install iobroker.js-controllerDas hat leider zu keiner Verbesserung geführt
Naja, jetzt hast du es doppelt 'installiert'...
Mach es so:
cd /opt/iobroker sudo -H -u iobroker npm install iobroker.js-controller -
@taba_luga hoffe das npm install war im richtigen ordner (/opt/iobroker) und ja audit fix lassen
@apollon77 ich befürchte nicht... Ich hatte vorher nicht das Verzeichnis gewechselt. Habe ich mir jetzt restlos alles zerschossen? Dann würde ich meinen Snapshot wieder hervor holen und bis zu diesem Punkt erst mal alles wiederholen.
[edit] der Post von @Thomas-Braun hat sich mit meiner Antwort hier überschnitten.
-
@apollon77 ich befürchte nicht... Ich hatte vorher nicht das Verzeichnis gewechselt. Habe ich mir jetzt restlos alles zerschossen? Dann würde ich meinen Snapshot wieder hervor holen und bis zu diesem Punkt erst mal alles wiederholen.
[edit] der Post von @Thomas-Braun hat sich mit meiner Antwort hier überschnitten.
@taba_luga In welchem verzeichnis haste es denn ausgeführt? WEnn in deinem User verzeichnis dann liegt da jetzt nur ein node_modules mit Zeug drin ... löschen und ende
-
@apollon77 ich befürchte nicht... Ich hatte vorher nicht das Verzeichnis gewechselt. Habe ich mir jetzt restlos alles zerschossen? Dann würde ich meinen Snapshot wieder hervor holen und bis zu diesem Punkt erst mal alles wiederholen.
[edit] der Post von @Thomas-Braun hat sich mit meiner Antwort hier überschnitten.
@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:
Habe ich mir jetzt restlos alles zerschossen?
Nein, du hast nur den js-controller im /home-Verzeichnis des users xx versenkt.
Aber da den den ja auch dort auditiert und gefixt hast...
...lösch das dort.Die Hauptinstallation immer noch defekt.
-
@taba_luga sagte in Error 25 bei Adapterupdates nach Node.JS 16.15.1 Update:
Falsches Verzeichnis:
xx@iobroker-prod:~$ npm install iobroker.js-controllerDas hat leider zu keiner Verbesserung geführt
Naja, jetzt hast du es doppelt 'installiert'...
Mach es so:
cd /opt/iobroker sudo -H -u iobroker npm install iobroker.js-controller@thomas-braun
jetzt geht der Spaß mit den Ordnern wieder los...xx@iobroker-prod:/opt/iobroker$ sudo -H -u iobroker npm install iobroker.js-controller npm ERR! code ENOTEMPTY npm ERR! syscall rename npm ERR! path /opt/iobroker/node_modules/alexa-cookie2 npm ERR! dest /opt/iobroker/node_modules/.alexa-cookie2-yH4YGJkw npm ERR! errno -39 npm ERR! ENOTEMPTY: directory not empty, rename '/opt/iobroker/node_modules/alexa-cookie2' -> '/opt/iobroker/node_modules/.alexa-cookie2-yH4YGJkw' npm ERR! A complete log of this run can be found in: npm ERR! /home/iobroker/.npm/_logs/2022-06-24T11_45_06_568Z-debug-0.log xx@iobroker-prod:/opt/iobroker$Die benenne ich dann erst mal wieder um und melde mich dann wieder bei euch. Vielen DANK schon mal zwischendurch für euren super Support!!!
Support us
459
Online32.4k
Benutzer81.5k
Themen1.3m
Beiträge