Cześć, jestem tutaj nowy, dopiero zaczynam się uczyć, i już utknąłem jeszcze zanim zacząłem mam problem z instalacją gulp. Niby robię wszystko zgodnie z instrukcją, ale otrzymuje taki komunikat. Będę bardzo wdzięczny za pomoc. Dzięki!
Is this OK? (yes) yes
PS C:\Users\divi0\onedrive\pulpit\js\projekty> npm install --save-dev gulp
up to date, audited 352 packages in 3s
13 packages are looking for funding
run `npm fund` for details
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
PS C:\Users\divi0\onedrive\pulpit\js\projekty> npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating glob-parent to 6.0.2, which is a SemVer major change.
npm WARN audit Updating glob-stream to 8.0.0, which is a SemVer major change.
npm WARN audit Updating chokidar to 3.5.3, which is a SemVer major change.
npm WARN audit Updating vinyl-fs to 4.0.0, which is a SemVer major change.
npm WARN audit Updating glob-watcher to 6.0.0, which is a SemVer major change.
npm WARN audit Updating gulp to 3.9.1, which is a SemVer major change.
npm WARN deprecated natives@1.1.6: This module relies on Node.js's internals and will break at some point. Do not use it, and update to graceful-fs@4.x.
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
added 125 packages, removed 1 package, changed 6 packages, and audited 476 packages in 14s
20 packages are looking for funding
run `npm fund` for details
# npm audit report
lodash <=4.17.20
Severity: critical
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-4xc9-xhrj-v574
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
fix available via `npm audit fix`
node_modules/lodash
globule <=1.1.0
Depends on vulnerable versions of glob
Depends on vulnerable versions of lodash
Depends on vulnerable versions of minimatch
node_modules/globule
gaze 0.4.0 - 1.0.0
Depends on vulnerable versions of globule
node_modules/gaze
glob-watcher <=2.0.0
Depends on vulnerable versions of gaze
node_modules/gulp/node_modules/glob-watcher
lodash.template <4.5.0
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
fix available via `npm audit fix --force`
Will install gulp@4.0.2, which is a breaking change
node_modules/lodash.template
gulp-util >=1.1.0
Depends on vulnerable versions of lodash.template
node_modules/gulp-util
gulp 2.4.0 - 3.9.1
Depends on vulnerable versions of gulp-util
Depends on vulnerable versions of semver
Depends on vulnerable versions of vinyl-fs
node_modules/gulp
minimatch <=3.0.4
Severity: high
Regular Expression Denial of Service in minimatch - https://github.com/advisories/GHSA-hxm2-r34f-qmc5
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix --force`
Will install gulp@4.0.2, which is a breaking change
node_modules/globule/node_modules/minimatch
node_modules/gulp/node_modules/minimatch
glob 3.0.0 - 5.0.14
Depends on vulnerable versions of minimatch
node_modules/globule/node_modules/glob
node_modules/gulp/node_modules/glob
glob-stream 0.2.0 - 5.2.0
Depends on vulnerable versions of glob
Depends on vulnerable versions of minimatch
node_modules/gulp/node_modules/glob-stream
vinyl-fs <=1.0.0
Depends on vulnerable versions of glob-stream
Depends on vulnerable versions of glob-watcher
node_modules/gulp/node_modules/vinyl-fs
semver <5.7.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install gulp@4.0.2, which is a breaking change
node_modules/gulp/node_modules/semver
12 vulnerabilities (1 moderate, 7 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force