Hi,
I’m evaluating Strapi for potential use on a project, and tried running the official example app from Foodadvisor on github (can’t include link as I’m limited to two links as a new poster)
I’m on latest recommended node version v18.12.1
First off, it doesn’t run under node 18 due to:
error @offset-dev/strapi-calendar@0.0.8: The engine “node” is incompatible with this module. Expected version “>=12.x.x <=16.x.x”. Got “18.12.1”
error Found incompatible module.
I’ve raised that as an issue @ Doesn't run under Node 18, breaks Strapi example app Foodadvisor · Issue #19 · offset-dev/strapi-calendar · GitHub but Strapi should also be made aware of it.
I also ran a npx npm-check -u which highlighted the following high risk vulnerability with some key Strapi packages.(see below)
Is Strapi aware of this?
Is the official example going to be made current with the latest version of node soon?
qs 6.10.0 - 6.10.2
Severity: high
qs vulnerable to Prototype Pollution - qs vulnerable to Prototype Pollution · CVE-2022-24999 · GitHub Advisory Database · GitHub
No fix available
node_modules/qs
@strapi/helper-plugin *
Depends on vulnerable versions of qs
node_modules/@strapi/helper-plugin
@strapi/plugin-users-permissions *
Depends on vulnerable versions of @strapi/helper-plugin
node_modules/@strapi/plugin-users-permissions
strapi-plugin-cookie-manager *
Depends on vulnerable versions of @strapi/helper-plugin
node_modules/strapi-plugin-cookie-manager