taro dependencies contain security issues

tct7dpnv posted 4 months ago in Other
Follow (0) | Answers (1) | Views (63)

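The dependencies are too old, and many of them are no longer maintained; I suggest replacing them.
Several of them have serious security issues and should be fixed or replaced promptly.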

⚠ warning @tarojs/helper > @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
⚠ warning @tarojs/cli > request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
⚠ warning @tarojs/cli > request > har-validator@5.1.5: this library is no longer supported
⚠ warning @tarojs/cli > request > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
⚠ warning @tarojs/webpack5-runner > vm2@3.9.19: The library contains critical security issues and should not be used for production! The maintenance of the project has been discontinued. Consider migrating your code to isolated-vm.
⚠ warning @tarojs/webpack5-runner > stylus > css > source-map-resolve@0.6.0: See https://github.com/lydell/source-map-resolve#deprecated
⚠ warning @tarojs/webpack5-runner > vue-loader > @vue/component-compiler-utils > consolidate@0.15.1: Please upgrade to consolidate v1.0.0+ as it has been modernized with several long-awaited fixes implemented. Maintenance is supported by Forward Email at https://forwardemail.net ; follow/watch https://github.com/ladjs/consolidate for updates and release changelog
⚠ warning @tarojs/webpack5-runner > @tarojs/runner-utils > scss-bundle > @types/sass@1.45.0: This is a stub types definition. sass provides its own type definitions, so you do not need this installed.
⚠ warning @tarojs/webpack5-runner > webpack-dev-server > webpack-dev-middleware > memfs@3.6.0: this will be v4
⚠ warning @tarojs/webpack5-runner > css-minimizer-webpack-plugin > cssnano > cssnano-preset-default > postcss-svgo > svgo > stable@0.1.8: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
⚠ warning babel-preset-taro > metro-react-native-babel-preset > @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-object-rest-spread instead.
⚠ warning babel-preset-taro > metro-react-native-babel-preset > @babel/plugin-proposal-async-generator-functions@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-async-generator-functions instead.
⚠ warning babel-preset-taro > metro-react-native-babel-preset > @babel/plugin-proposal-optional-catch-binding@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-catch-binding instead.
⚠ warning babel-preset-taro > @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
warning babel-preset-taro > metro-react-native-babel-preset > @babel/plugin-proposal-class-properties@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead.
⚠ warning babel-preset-taro > metro-react-native-babel-preset > @babel/plugin-proposal-nullish-coalescing-operator@7.18.6: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-nullish-coalescing-operator instead.
⚠ warning babel-preset-taro > metro-react-native-babel-preset > @babel/plugin-proposal-optional-chaining@7.21.0: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-optional-chaining instead.

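In addition, the template project has a problem: "Cannot find type definition file for 'sass'". For a fix, see https://juejin.cn/post/7288340985229459475
It also works fine for me without using the specific version given there.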

Configuration options

? 请选择框架 React
? 是否需要使用 TypeScript ? Yes
? 请选择 CSS 预处理器(Sass/Less/Stylus) Sass
? 请选择编译工具 Webpack5
? 请选择包管理工具 yarn
? 请选择模板源 Github(最新)
✔ 拉取远程模板仓库成功!
? 请选择模板 react-NutUI(使用 NutUI React 的模板)

Environment info

Taro CLI 3.6.18 environment info:
    System:
      OS: Linux 5.4 Ubuntu 20.04.6 LTS (Focal Fossa)
    
    Binaries:
      Node: 20.9.0
      Yarn: 1.22.19
      npm: 10.1.0
    npmPackages:
      @tarojs/cli: 3.6.18 => 3.6.18
      @tarojs/components: 3.6.18 => 3.6.18
      @tarojs/helper: 3.6.18 => 3.6.18
      @tarojs/plugin-framework-react: 3.6.18 => 3.6.18
      @tarojs/plugin-html: 3.6.18 => 3.6.18
      @tarojs/plugin-platform-alipay: 3.6.18 => 3.6.18
      @tarojs/plugin-platform-h5: 3.6.18 => 3.6.18
      @tarojs/plugin-platform-jd: 3.6.18 => 3.6.18
      @tarojs/plugin-platform-qq: 3.6.18 => 3.6.18
      @tarojs/plugin-platform-swan: 3.6.18 => 3.6.18
      @tarojs/plugin-platform-tt: 3.6.18 => 3.6.18
      @tarojs/plugin-platform-weapp: 3.6.18 => 3.6.18
      @tarojs/react: 3.6.18 => 3.6.18
      @tarojs/runtime: 3.6.18 => 3.6.18
      @tarojs/shared: 3.6.18 => 3.6.18
      @tarojs/taro: 3.6.18 => 3.6.18
      @tarojs/taro-loader: 3.6.18 => 3.6.18
      @tarojs/webpack5-runner: 3.6.18 => 3.6.18
      babel-preset-taro: 3.6.18 => 3.6.18
      eslint-config-taro: 3.6.18 => 3.6.18
      react: ^18.0.0 => 18.2.0
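
An added example, not part of the original post or of Taro's code: a small Node.js script that parses yarn warnings like the ones quoted above and sorts those whose message points at a security problem ahead of plain renames and stubs. The keyword rules and the names `parseWarning` and `triage` are assumptions made for this illustration.

```javascript
// Constructed sample: four warning lines taken from the post above (messages shortened).
const SAMPLE = [
  '⚠ warning @tarojs/helper > @babel/plugin-proposal-object-rest-spread@7.20.7: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained.',
  '⚠ warning @tarojs/cli > request > uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.',
  '⚠ warning @tarojs/webpack5-runner > vm2@3.9.19: The library contains critical security issues and should not be used for production!',
  'warning @tarojs/webpack5-runner > webpack-dev-server > webpack-dev-middleware > memfs@3.6.0: this will be v4',
].join('\n');

// Keyword rules are assumptions of this example; the first matching rule wins.
const RULES = [
  ['security', /security|vulnerab|Math\.random/i],
  ['unmaintained', /deprecated|no longer (?:maintained|supported)|discontinued/i],
];

// Parse "[⚠ ]warning a > b > pkg@version: message"; returns null for any other line.
function parseWarning(line) {
  const m = /^\s*(?:⚠\s*)?warning\s+(\S.*?):\s+(.*)$/.exec(line);
  if (!m) return null;
  const chain = m[1].split(/\s+>\s+/);
  const leaf = chain[chain.length - 1];
  const at = leaf.lastIndexOf('@'); // scoped names begin with '@', so split on the last one
  if (at <= 0) return null;
  const rule = RULES.find(([, re]) => re.test(m[2]));
  return {
    pkg: leaf.slice(0, at),
    version: leaf.slice(at + 1),
    root: chain[0],          // top-level dependency that pulls the package in
    depth: chain.length - 1, // number of hops below the top-level dependency
    level: rule ? rule[0] : 'info',
  };
}

// Security-relevant findings first, then unmaintained, then informational;
// within a level, packages closer to the top-level dependency come first.
function triage(text) {
  const order = { security: 0, unmaintained: 1, info: 2 };
  return text.split('\n').map(parseWarning).filter(Boolean)
    .sort((a, b) => order[a.level] - order[b.level] || a.depth - b.depth);
}

for (const f of triage(SAMPLE)) {
  console.log(`${f.level.padEnd(12)} ${f.pkg}@${f.version} (via ${f.root})`);
}
```

The `root` field shows which top-level package has to change before the flagged transitive dependency can be dropped.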

qvk1mo1f1#

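Several of the existing templates won't even run, and I don't know which dependency is causing it. We have been waiting a year for vite and it still isn't there; it really feels like maintenance has been neglected.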
