Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade 1.4: Kubeflow #88

Closed
6 of 7 tasks
wg102 opened this issue Jul 11, 2022 · 22 comments
Closed
6 of 7 tasks

Upgrade 1.4: Kubeflow #88

wg102 opened this issue Jul 11, 2022 · 22 comments
Assignees
@wg102
Labels
component/kubeflow

Comments

@wg102
Copy link

wg102 commented Jul 11, 2022
edited
Loading

/kind feature

Why you need this feature:
[Is your feature request related to a problem? Please describe in details]

This issue is a child of StatCan/aaw#1203 and technically an epic in itself.

Describe the solution you'd like:

Upgrade Kubeflow central-dashboard to 1.4.

Our customization includes:

We are mostly using CWA and central dashboard components our of the entire platform. Even then, CWA will be new.
Points of importance:

  • Multiple changes on kubeflow, including major upgrade of Angular Version FOR CWA
  • Namespaced menu items - pull 5995
    ✅ Looks okay, might not break anything. May have to pay attention to internationalization.
  • Make it possible to add Namespaced menu items - pull 5871
    ✅ Looks okay, might not break anything. May have to pay attention to internationalization.
  • Scrollable side-bar - pull 5964
    ✅ Looks okay, just some CSS, might not break anything.
  • Add support for Models web app - pull 6085
    ✅ Looks okay, just some CSS. May have to pay attention to internationalization.

Anything else you would like to add:
Based on the way we did 1.3, this is the recommended way:
How we rebase to the v1.4
1.Go on stc-master of kubeflow kubeflow
2. Get the code from upstream, git remote add upstream https://github.com/kubeflow/kubeflow.git
3. git remote -v should now show 4 choices.
4. Create the branch v1.4
5. git rebase upstream/v1.4-branch
6. Fix merge conflicts,
7. Create a PR with tag auto build
8. Use the image that was pushed to acr in the dev environment

  1. Clone whole repository (in this case, StatCan/kubeflow)
  2. Go into repo locally
  3. git remote add upstream https://github.com/kubeflow/kubeflow.git (add upstream as remote)
  4. git remote –v (list current configured remote)
  5. git checkout stc-master
  6. git checkout –b <new-branch-name>
  7. git fetch upstream
  8. git rebase upstream/tags/v1.4.0
  9. Resolve conflicts -> save -> stage changes
  10. git commit -m <commit message>
  11. git push --set-upstream origin <new-branch-name>

NOTE
There is some discussion upstream on issue 6332 about changing the central-dashboard from polymer to angular, which I do hope will happen, but currently does not seem to have been done. This will affect us greatly for obvious reason.

Local testing of Kubeflow

To simulate having a namespace.

Be carefull NOT to be connected to prod.
kubectl port-forward -n kubeflow deployment/profiles-deployment 8081:8081
For connection to the a cluster,
USERID_HEADER=kubeflow-userid USERID_PREFIX= KF_USER_ID=[[email protected] OR equivalent if kidn user] npm run dev
@wg102 wg102 mentioned this issue Jul 11, 2022
Closed
7 tasks
@wg102 wg102 self-assigned this Jul 13, 2022
@wg102
Copy link
Author

wg102 commented Jul 14, 2022

I am currently trying to rebase on the 1.4.1 branch, only to notice, there is no 1.4.1 branch....

According to documentation there is a 1.4.1 release, yet I cannot find it on GitHub.

There is the v1.4.0 release
Which was released on October 11th 2021

There is a v1.4-branch which last commit is October 8th 2021
A v1.4.0 tag last commit is also October 8th 2021

A v1.4-rc-1 branch last commit Sept 14th 2021

So what is 'release 1.4.1'?

It's actually the MANIFEST release

So is that only a fix on the manifest, and the code is ok with version 1.4? If so, the tag I would assume is the right one to pull from.

@wg102
Copy link
Author

wg102 commented Jul 14, 2022
edited
Loading

Take care of vulnerabilities at the end see
image

Note: This actually depends on the node version you use.

@wg102
Copy link
Author

wg102 commented Jul 14, 2022
edited
Loading

Decide for the configmap what to follow:
File : /kubeflow/components/centraldashboard/config/centraldashboard-config.yaml

VS upstream : https://github.com/kubeflow/kubeflow/blob/master/components/centraldashboard/config/centraldashboard-config.yaml

VS upstream manifest: https://github.com/kubeflow/manifests/blob/master/apps/centraldashboard/upstream/base/configmap.yaml

VS our 1.3 configmap: https://github.com/StatCan/kubeflow/blob/stc-master/components/centraldashboard/config/centraldashboard-config.yaml
and should it be the same in our manifest
https://github.com/StatCan/aaw-kubeflow-manifests/blob/aaw-dev-cc-00/kustomize/apps/centraldashboard/base/centraldashboard-config.yaml
Which one is actually used? Are they both useful?

Take a look at upstring commit remove volumes and tensorboards from side menu, add icons, fix order of menu items

@wg102
Copy link
Author

wg102 commented Jul 14, 2022
edited
Loading

Look into removing double {{ }} and [[ ]] if possible.

Update: Double [[ ]] are also in the upstream and the double {{ }} are needed for localization

@wg102
Copy link
Author

wg102 commented Jul 14, 2022

The configmap for the links is here: https://github.com/StatCan/aaw-kubeflow-manifests/blob/a36830758cc632cc9841739bbfbe9817a0026663/kustomize/apps/centraldashboard/centraldashboard-config.yaml

@wg102
Copy link
Author

wg102 commented Jul 14, 2022
edited
Loading

Check all the example notebooks, check if any upgrades are needed
image

@wg102
Copy link
Author

wg102 commented Jul 14, 2022

The branch has been created https://github.com/StatCan/kubeflow/tree/feat-upgrade-1.4.0

@wg102
Copy link
Author

wg102 commented Jul 19, 2022
edited
Loading

Fixing the vulnerabilities:
Need node version (latest LTS) so v16.16.0

While fixing them using git audit fix I had to use the --force option.

glob-parent  <=5.1.1
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
glob-parent before 6.0.1 and 5.1.2 vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-cj88-88mr-972w
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/webpack-dev-server/node_modules/chokidar
    webpack-dev-server  2.0.0-beta - 4.7.2
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of selfsigned
    node_modules/webpack-dev-server

node-forge  <=1.2.1
Severity: high
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/selfsigned/node_modules/node-forge
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned

npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating webpack-dev-server to 4.9.3,which is a SemVer major change.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.0.0" from [email protected]
npm WARN node_modules/css-loader
npm WARN   dev css-loader@"^2.1.1" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^4.0.0" from [email protected]
npm WARN   node_modules/css-loader
npm WARN     dev css-loader@"^2.1.1" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@">=2.0.0 <5.0.0" from [email protected]
npm WARN node_modules/eslint-loader
npm WARN   dev eslint-loader@"^2.2.1" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2.0.0 <5.0.0" from [email protected]
npm WARN   node_modules/eslint-loader
npm WARN     dev eslint-loader@"^2.2.1" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.0.0" from [email protected]
npm WARN node_modules/file-loader
npm WARN   dev file-loader@"^3.0.1" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^4.0.0" from [email protected]
npm WARN   node_modules/file-loader
npm WARN     dev file-loader@"^3.0.1" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0" from [email protected]
npm WARN node_modules/html-webpack-plugin
npm WARN   peer html-webpack-plugin@"^3.0.0 || ^4.0.0" from [email protected]
npm WARN   node_modules/script-ext-html-webpack-plugin
npm WARN   1 more (the root project)
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0" from [email protected]
npm WARN   node_modules/html-webpack-plugin
npm WARN     peer html-webpack-plugin@"^3.0.0 || ^4.0.0" from [email protected]
npm WARN     node_modules/script-ext-html-webpack-plugin
npm WARN     1 more (the root project)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.0.0" from [email protected]
npm WARN node_modules/karma-webpack
npm WARN   dev karma-webpack@"^4.0.2" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^4.0.0" from [email protected]
npm WARN   node_modules/karma-webpack
npm WARN     dev karma-webpack@"^4.0.2" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.4.0" from [email protected]
npm WARN node_modules/mini-css-extract-plugin
npm WARN   dev mini-css-extract-plugin@"^0.5.0" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^4.4.0" from [email protected]
npm WARN   node_modules/mini-css-extract-plugin
npm WARN     dev mini-css-extract-plugin@"^0.5.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/pug
npm WARN   dev pug@"3.0.1" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer pug@"^2.0.0" from [email protected]
npm WARN node_modules/pug-loader
npm WARN   dev pug-loader@"^2.4.0" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/pug
npm WARN   peer pug@"^2.0.0" from [email protected]
npm WARN   node_modules/pug-loader
npm WARN     dev pug-loader@"^2.4.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.3.0" from [email protected]
npm WARN node_modules/raw-loader
npm WARN   dev raw-loader@"^2.0.0" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^4.3.0" from [email protected]
npm WARN   node_modules/raw-loader
npm WARN     dev raw-loader@"^2.0.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0" from [email protected]
npm WARN node_modules/script-ext-html-webpack-plugin
npm WARN   dev script-ext-html-webpack-plugin@"^2.1.4" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0" from [email protected]
npm WARN   node_modules/script-ext-html-webpack-plugin
npm WARN     dev script-ext-html-webpack-plugin@"^2.1.4" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^3.0.0 || ^4.0.0" from [email protected]
npm WARN node_modules/url-loader
npm WARN   dev url-loader@"^1.1.2" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^3.0.0 || ^4.0.0" from [email protected]
npm WARN   node_modules/url-loader
npm WARN     dev url-loader@"^1.1.2" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"4.x.x" from [email protected]
npm WARN node_modules/webpack-cli
npm WARN   dev webpack-cli@"^3.3.9" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"4.x.x" from [email protected]
npm WARN   node_modules/webpack-cli
npm WARN     dev webpack-cli@"^3.3.9" from the root project

added 56 packages, removed 93 packages, changed 42 packages, and audited 1585 packages in 11s

74 packages are looking for funding
run `npm fund` for details

@wg102
Copy link
Author

wg102 commented Jul 20, 2022
edited
Loading

The vulnerabilities are actually creating a second issue. Once fixed, the npm install command run through make build-local give us errors.

A way to avoid this, while keeping the vulnerability fix is to run npm install --save --legacy-peer-deps instead. Is this something bad to do? (See stackoverflow)

This being said, 'fixing' the vulnerabilities, somehow breaks the code. One of the likely culprits is this error that seems to appear after the fix:

[TypeScript] app/api.ts(41,28): error TS2538: Type 'ParsedQs' cannot be used as an index type.
[TypeScript] app/api.ts(41,28): error TS2538: Type 'ParsedQs[]' cannot be used as an index type.
[TypeScript] app/api.ts(41,28): error TS2538: Type 'string[]' cannot be used as an index type.
[TypeScript] app/api.ts(41,28): error TS7015: Element implicitly has an 'any' type because index expression is not of type 'number'.
[TypeScript] app/api.ts(42,44): error TS2538: Type 'ParsedQs' cannot be used as an index type.
[TypeScript] app/api.ts(42,44): error TS2538: Type 'ParsedQs[]' cannot be used as an index type.
[TypeScript] app/api.ts(42,44): error TS2538: Type 'string[]' cannot be used as an index type.
[TypeScript] app/api.ts(42,44): error TS7015: Element implicitly has an 'any' type because index expression is not of type 'number'.
[TypeScript] node_modules/@types/tar/index.d.ts(239,36): error TS2709: Cannot use namespace 'MiniPass' as a type.
[TypeScript] 
[TypeScript] 1:18:44 PM - Found 9 errors. Watching for file changes.

@bryanpaget
Copy link

bryanpaget commented Jul 21, 2022
edited
Loading

For completeness, I've included the output from trying to build centraldashboard from 1.4.0. I tried building directly from upstream. I also tried building from our branch before and after fixing security vulnerabilities.

When trying to build centraldashboard from upstream 1.4 branch, I encounter the following issues:

(base) pagetbr@l-pagetbr-1:~/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard$ make build-local 
npm install
npm WARN old lockfile 
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile 
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile 
npm WARN deprecated [email protected]: This library will not receive further updates other than security fixes. We recommend using @grpc/grpc-js instead.
npm WARN deprecated [email protected]: Please update to ini >=1.3.6 to avoid a prototype pollution issue
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: This loader has been deprecated. Please use eslint-webpack-plugin
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated [email protected]: Package no longer supported. Contact [email protected] for more info.
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated [email protected]: 3.x is no longer supported
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.)
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @babel/[email protected]:  This package has been deprecated in favor of separate inclusion of a polyfill and regenerator-runtime (when needed). See the @babel/polyfill docs (https://babeljs.io/docs/en/babel-polyfill) for more information.
npm WARN deprecated [email protected]: 4.x is no longer supported
npm WARN deprecated [email protected]: This version of 'buffer' is out-of-date. You must update to v4.9.2 or newer
npm WARN deprecated [email protected]: Version no longer supported. Upgrade to @latest
npm WARN deprecated [email protected]: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated [email protected]: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm ERR! code 1
npm ERR! path /home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc
npm ERR! command failed
npm ERR! command sh -c node-pre-gyp install --fallback-to-build --library=static_library
npm ERR! make[1]: Entering directory '/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/build'
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/init.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/avl/avl.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/backoff/backoff.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/channel/channel_args.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/channel/channel_stack.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/channel/channel_stack_builder.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/channel/channel_trace.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/channel/channelz.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/channel/channelz_registry.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/channel/connected_channel.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/channel/handshaker.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/channel/handshaker_registry.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/channel/status_util.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/compression/compression.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/compression/compression_internal.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/compression/message_compress.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/compression/stream_compression.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/compression/stream_compression_gzip.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/compression/stream_compression_identity.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/debug/stats.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/debug/stats_data.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/http/format_request.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/http/httpcli.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/http/parser.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/buffer_list.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/call_combiner.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/combiner.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/endpoint.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/endpoint_pair_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/endpoint_pair_uv.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/endpoint_pair_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/error.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/ev_epoll1_linux.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/ev_epollex_linux.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/ev_poll_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/ev_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/ev_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/exec_ctx.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/executor.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/fork_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/fork_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/gethostname_fallback.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/gethostname_host_name_max.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/gethostname_sysconf.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/grpc_if_nametoindex_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/internal_errqueue.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/iocp_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/iomgr.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/iomgr_custom.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/iomgr_internal.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/iomgr_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/iomgr_uv.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/iomgr_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/is_epollexclusive_available.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/load_file.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/lockfree_event.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/polling_entity.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/pollset.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/pollset_custom.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/pollset_set.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/pollset_set_custom.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/pollset_set_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/pollset_uv.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/pollset_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/resolve_address.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/resolve_address_custom.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/resolve_address_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/resolve_address_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/resource_quota.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/sockaddr_utils.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/socket_factory_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/socket_mutator.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/socket_utils_common_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/socket_utils_linux.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/socket_utils_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/socket_utils_uv.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/socket_utils_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/socket_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_client.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_client_custom.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_client_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_client_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_custom.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_server.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_server_custom.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_server_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_server_utils_posix_common.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_server_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_uv.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/tcp_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/time_averaged_stats.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/timer.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/timer_custom.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/timer_generic.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/timer_heap.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/timer_manager.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/timer_uv.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/udp_server.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/unix_sockets_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/unix_sockets_posix_noop.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/wakeup_fd_eventfd.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/wakeup_fd_nospecial.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/wakeup_fd_pipe.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/iomgr/wakeup_fd_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/json/json.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/json/json_reader.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/json/json_string.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/json/json_writer.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/slice/b64.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/slice/percent_encoding.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/slice/slice.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/slice/slice_buffer.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/slice/slice_intern.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/slice/slice_string_helpers.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/api_trace.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/byte_buffer.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/byte_buffer_reader.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/call.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/call_details.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/call_log_batch.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/channel.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/channel_init.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/channel_ping.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/channel_stack_type.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/completion_queue.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/completion_queue_factory.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/event_string.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/lame_client.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/metadata_array.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/server.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/validate_metadata.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/version.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/bdp_estimator.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/byte_stream.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/connectivity_state.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/error_utils.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/metadata.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/metadata_batch.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/pid_controller.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/static_metadata.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/status_conversion.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/status_metadata.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/timeout_encoding.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/transport.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/transport/transport_op_string.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/uri/uri_parser.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/debug/trace.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/bin_decoder.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/bin_encoder.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/chttp2_plugin.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/chttp2_transport.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/context_list.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/flow_control.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/frame_data.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/frame_goaway.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/frame_ping.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/frame_rst_stream.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/frame_settings.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/frame_window_update.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/hpack_encoder.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/hpack_parser.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/hpack_table.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/http2_settings.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/huffsyms.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/incoming_metadata.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/parsing.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/stream_lists.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/stream_map.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/varint.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/transport/writing.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/alpn/alpn.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/http/client/http_client_filter.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/http/http_filters_plugin.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/http/message_compress/message_compress_filter.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/http/server/http_server_filter.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/http/httpcli_security_connector.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/context/security_context.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/alts/alts_credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/composite/composite_credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/credentials_metadata.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/fake/fake_credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/google_default/credentials_generic.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/google_default/google_default_credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/iam/iam_credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/jwt/json_token.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/jwt/jwt_credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/jwt/jwt_verifier.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/local/local_credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/oauth2/oauth2_credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/plugin/plugin_credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/ssl/ssl_credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/tls/spiffe_credentials.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/security_connector/alts/alts_security_connector.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/security_connector/fake/fake_security_connector.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/security_connector/load_system_roots_fallback.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/security_connector/load_system_roots_linux.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/security_connector/local/local_security_connector.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/security_connector/security_connector.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/security_connector/ssl/ssl_security_connector.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/security_connector/ssl_utils.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/security_connector/tls/spiffe_security_connector.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/transport/client_auth_filter.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/transport/secure_endpoint.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/transport/security_handshaker.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/transport/server_auth_filter.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/transport/target_authority_table.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/transport/tsi_error.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/util/json_util.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/surface/init_secure.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/crypt/aes_gcm.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/crypt/gsec.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/frame_protector/alts_counter.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/frame_protector/alts_crypter.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/frame_protector/alts_frame_protector.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/frame_protector/frame_handler.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/handshaker/alts_handshaker_client.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/handshaker/alts_shared_resource.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/handshaker/alts_tsi_handshaker.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/alts/check_gcp_environment.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/alts/check_gcp_environment_linux.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/alts/check_gcp_environment_windows.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/handshaker/alts_handshaker_service_api.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/handshaker/alts_tsi_utils.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/handshaker/transport_security_common_api.o
npm ERR!   CC(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/handshaker/altscontext.pb.o
npm ERR!   CC(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/handshaker/handshaker.pb.o
npm ERR!   CC(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/alts/handshaker/transport_security_common.pb.o
npm ERR!   CC(target) Release/obj.target/grpc/deps/grpc/third_party/nanopb/pb_common.o
npm ERR!   CC(target) Release/obj.target/grpc/deps/grpc/third_party/nanopb/pb_decode.o
npm ERR!   CC(target) Release/obj.target/grpc/deps/grpc/third_party/nanopb/pb_encode.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/transport_security.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/client/insecure/channel_create.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/client/authority.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/client/chttp2_connector.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/backup_poller.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/channel_connectivity.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/client_channel.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/client_channel_channelz.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/client_channel_factory.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/client_channel_plugin.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/connector.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/global_subchannel_pool.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/health/health_check_client.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/http_connect_handshaker.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/http_proxy.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/lb_policy.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/lb_policy_registry.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/local_subchannel_pool.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/parse_address.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/proxy_mapper.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/proxy_mapper_registry.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/resolver.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/resolver_registry.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/resolver_result_parsing.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/resolving_lb_policy.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/retry_throttle.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/server_address.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/service_config.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/subchannel.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/subchannel_pool_interface.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/deadline/deadline_filter.o
npm ERR!   CC(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/health/health.pb.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/fake_transport_security.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/local_transport_security.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/ssl/session_cache/ssl_session_boringssl.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/ssl/session_cache/ssl_session_cache.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/ssl/session_cache/ssl_session_openssl.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/ssl_transport_security.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/tsi/transport_security_grpc.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/server/chttp2_server.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/client/secure/secure_channel_create.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/server/insecure/server_chttp2.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/inproc/inproc_plugin.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/transport/inproc/inproc_transport.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.o
npm ERR!   CXX(target) Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.o
npm ERR! make[1]: Leaving directory '/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/build'
npm ERR! Failed to execute '/home/pagetbr/.nvm/versions/node/v16.16.0/bin/node /home/pagetbr/.nvm/versions/node/v16.16.0/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js build --fallback-to-build --library=static_library --module=/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc/grpc_node.node --module_name=grpc_node --module_path=/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc --napi_version=8 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v93' (1)
npm ERR! node-pre-gyp info it worked if it ends with ok
npm ERR! node-pre-gyp info using [email protected]
npm ERR! node-pre-gyp info using [email protected] | linux | x64
npm ERR! node-pre-gyp WARN Using request for node-pre-gyp https download 
npm ERR! node-pre-gyp info check checked for "/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc/grpc_node.node" (not found)
npm ERR! node-pre-gyp http GET https://node-precompiled-binaries.grpc.io/grpc/v1.20.3/node-v93-linux-x64-glibc.tar.gz
npm ERR! node-pre-gyp http 404 https://node-precompiled-binaries.grpc.io/grpc/v1.20.3/node-v93-linux-x64-glibc.tar.gz
npm ERR! node-pre-gyp WARN Tried to download(404): https://node-precompiled-binaries.grpc.io/grpc/v1.20.3/node-v93-linux-x64-glibc.tar.gz 
npm ERR! node-pre-gyp WARN Pre-built binaries not found for [email protected] and [email protected] (node-v93 ABI, glibc) (falling back to source compile with node-gyp) 
npm ERR! node-pre-gyp http 404 status code downloading tarball https://node-precompiled-binaries.grpc.io/grpc/v1.20.3/node-v93-linux-x64-glibc.tar.gz 
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | linux | x64
npm ERR! gyp info ok 
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | linux | x64
npm ERR! gyp info find Python using Python version 3.9.7 found at "/home/pagetbr/anaconda3/bin/python3"
npm ERR! gyp info spawn /home/pagetbr/anaconda3/bin/python3
npm ERR! gyp info spawn args [
npm ERR! gyp info spawn args   '/home/pagetbr/.nvm/versions/node/v16.16.0/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py',
npm ERR! gyp info spawn args   'binding.gyp',
npm ERR! gyp info spawn args   '-f',
npm ERR! gyp info spawn args   'make',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/build/config.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/home/pagetbr/.nvm/versions/node/v16.16.0/lib/node_modules/npm/node_modules/node-gyp/addon.gypi',
npm ERR! gyp info spawn args   '-I',
npm ERR! gyp info spawn args   '/home/pagetbr/.cache/node-gyp/16.16.0/include/node/common.gypi',
npm ERR! gyp info spawn args   '-Dlibrary=shared_library',
npm ERR! gyp info spawn args   '-Dvisibility=default',
npm ERR! gyp info spawn args   '-Dnode_root_dir=/home/pagetbr/.cache/node-gyp/16.16.0',
npm ERR! gyp info spawn args   '-Dnode_gyp_dir=/home/pagetbr/.nvm/versions/node/v16.16.0/lib/node_modules/npm/node_modules/node-gyp',
npm ERR! gyp info spawn args   '-Dnode_lib_file=/home/pagetbr/.cache/node-gyp/16.16.0/<(target_arch)/node.lib',
npm ERR! gyp info spawn args   '-Dmodule_root_dir=/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc',
npm ERR! gyp info spawn args   '-Dnode_engine=v8',
npm ERR! gyp info spawn args   '--depth=.',
npm ERR! gyp info spawn args   '--no-parallel',
npm ERR! gyp info spawn args   '--generator-output',
npm ERR! gyp info spawn args   'build',
npm ERR! gyp info spawn args   '-Goutput_dir=.'
npm ERR! gyp info spawn args ]
npm ERR! gyp info ok 
npm ERR! gyp info it worked if it ends with ok
npm ERR! gyp info using [email protected]
npm ERR! gyp info using [email protected] | linux | x64
npm ERR! gyp info spawn make
npm ERR! gyp info spawn args [ 'BUILDTYPE=Release', '-C', 'build' ]
npm ERR! In file included from /usr/include/string.h:495,
npm ERR!                  from ../deps/grpc/third_party/nanopb/pb.h:68,
npm ERR!                  from ../deps/grpc/third_party/nanopb/pb_decode.h:9,
npm ERR!                  from ../deps/grpc/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc:21:
npm ERR! In function ‘char* strncpy(char*, const char*, size_t)’,
npm ERR!     inlined from ‘grpc_grpclb_request* grpc_grpclb_request_create(const char*)’ at ../deps/grpc/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc:70:10:
npm ERR! /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:34: error: ‘char* __builtin_strncpy(char*, const char*, long unsigned int)’ specified bound 128 equals destination size [-Werror=stringop-truncation]
npm ERR!   106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
npm ERR!       |          ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
npm ERR! cc1plus: all warnings being treated as errors
npm ERR! make[1]: *** [grpc.target.mk:499: Release/obj.target/grpc/deps/grpc/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.o] Error 1
npm ERR! gyp ERR! build error 
npm ERR! gyp ERR! stack Error: `make` failed with exit code: 2
npm ERR! gyp ERR! stack     at ChildProcess.onExit (/home/pagetbr/.nvm/versions/node/v16.16.0/lib/node_modules/npm/node_modules/node-gyp/lib/build.js:194:23)
npm ERR! gyp ERR! stack     at ChildProcess.emit (node:events:527:28)
npm ERR! gyp ERR! stack     at Process.ChildProcess._handle.onexit (node:internal/child_process:291:12)
npm ERR! gyp ERR! System Linux 5.15.0-1014-azure
npm ERR! gyp ERR! command "/home/pagetbr/.nvm/versions/node/v16.16.0/bin/node" "/home/pagetbr/.nvm/versions/node/v16.16.0/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "build" "--fallback-to-build" "--library=static_library" "--module=/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc/grpc_node.node" "--module_name=grpc_node" "--module_path=/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc" "--napi_version=8" "--node_abi_napi=napi" "--napi_build_version=0" "--node_napi_label=node-v93"
npm ERR! gyp ERR! cwd /home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc
npm ERR! gyp ERR! node -v v16.16.0
npm ERR! gyp ERR! node-gyp -v v9.0.0
npm ERR! gyp ERR! not ok 
npm ERR! node-pre-gyp ERR! build error 
npm ERR! node-pre-gyp ERR! stack Error: Failed to execute '/home/pagetbr/.nvm/versions/node/v16.16.0/bin/node /home/pagetbr/.nvm/versions/node/v16.16.0/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js build --fallback-to-build --library=static_library --module=/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc/grpc_node.node --module_name=grpc_node --module_path=/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/src/node/extension_binary/node-v93-linux-x64-glibc --napi_version=8 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v93' (1)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess.<anonymous> (/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/node_modules/node-pre-gyp/lib/util/compile.js:83:29)
npm ERR! node-pre-gyp ERR! stack     at ChildProcess.emit (node:events:527:28)
npm ERR! node-pre-gyp ERR! stack     at maybeClose (node:internal/child_process:1092:16)
npm ERR! node-pre-gyp ERR! stack     at Process.ChildProcess._handle.onexit (node:internal/child_process:302:5)
npm ERR! node-pre-gyp ERR! System Linux 5.15.0-1014-azure
npm ERR! node-pre-gyp ERR! command "/home/pagetbr/.nvm/versions/node/v16.16.0/bin/node" "/home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc/node_modules/.bin/node-pre-gyp" "install" "--fallback-to-build" "--library=static_library"
npm ERR! node-pre-gyp ERR! cwd /home/pagetbr/KubeflowUpgrade/kubeflow-upstream/components/centraldashboard/node_modules/grpc
npm ERR! node-pre-gyp ERR! node -v v16.16.0
npm ERR! node-pre-gyp ERR! node-pre-gyp -v v0.13.0
npm ERR! node-pre-gyp ERR! not ok

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/pagetbr/.npm/_logs/2022-07-21T17_17_35_519Z-debug-0.log
make: *** [Makefile:33: build-local] Error 1

@bryanpaget
Copy link

Building centraldashboard from our 1.4 branch:

(base) pagetbr@l-pagetbr-1:~/KubeflowUpgrade/kubeflow/components/centraldashboard$ git status
HEAD detached at 90e88bbb
nothing to commit, working tree clean
(base) pagetbr@l-pagetbr-1:~/KubeflowUpgrade/kubeflow/components/centraldashboard$ make build-local 
npm install
npm WARN old lockfile 
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile 
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile 
npm WARN deprecated [email protected]: Please update to ini >=1.3.6 to avoid a prototype pollution issue
npm WARN deprecated [email protected]: This loader has been deprecated. Please use eslint-webpack-plugin
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated [email protected]: 3.x is no longer supported
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @babel/[email protected]:  This package has been deprecated in favor of separate inclusion of a polyfill and regenerator-runtime (when needed). See the @babel/polyfill docs (https://babeljs.io/docs/en/babel-polyfill) for more information.
npm WARN deprecated [email protected]: We've written a new parser that's 6x faster and is backwards compatible. Please use @formatjs/icu-messageformat-parser
npm WARN deprecated [email protected]: Version no longer supported. Upgrade to @latest
npm WARN deprecated [email protected]: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.

added 1901 packages, and audited 1902 packages in 2m

52 packages are looking for funding
  run `npm fund` for details

59 vulnerabilities (25 moderate, 30 high, 4 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

@bryanpaget
Copy link

bryanpaget commented Jul 21, 2022
edited
Loading

Fixing the security vulnerabilities with npm audit fix --force (twice) yields:

(base) pagetbr@l-pagetbr-1:~/KubeflowUpgrade/kubeflow/components/centraldashboard$ npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating karma to 6.4.0,which is a SemVer major change.
npm WARN audit Updating copy-webpack-plugin to 11.0.0,which is a SemVer major change.
npm WARN audit Updating istanbul-instrumenter-loader to 2.0.0,which is a SemVer major change.
npm WARN audit Updating google-auth-library to 8.1.1,which is a SemVer major change.
npm WARN audit Updating webpack to 5.73.0,which is a SemVer major change.
npm WARN ERESOLVE overriding peer dependency
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^5.1.0" from [email protected]
npm WARN   node_modules/copy-webpack-plugin
npm WARN     dev copy-webpack-plugin@"11.0.0" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.0.0" from [email protected]
npm WARN node_modules/css-loader
npm WARN   dev css-loader@"^2.1.1" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^5.1.0" from [email protected]
npm WARN   node_modules/copy-webpack-plugin
npm WARN     dev copy-webpack-plugin@"11.0.0" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@">=2.0.0 <5.0.0" from [email protected]
npm WARN node_modules/eslint-loader
npm WARN   dev eslint-loader@"^2.2.1" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^5.1.0" from [email protected]
npm WARN   node_modules/copy-webpack-plugin
npm WARN     dev copy-webpack-plugin@"11.0.0" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.0.0" from [email protected]
npm WARN node_modules/file-loader
npm WARN   dev file-loader@"^3.0.1" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^5.1.0" from [email protected]
npm WARN   node_modules/copy-webpack-plugin
npm WARN     dev copy-webpack-plugin@"11.0.0" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0" from [email protected]
npm WARN node_modules/html-webpack-plugin
npm WARN   peer html-webpack-plugin@"^3.0.0 || ^4.0.0" from [email protected]
npm WARN   node_modules/script-ext-html-webpack-plugin
npm WARN   1 more (the root project)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^5.1.0" from [email protected]
npm WARN   node_modules/copy-webpack-plugin
npm WARN     dev copy-webpack-plugin@"11.0.0" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0" from [email protected]
npm WARN node_modules/html-webpack-plugin
npm WARN   peer html-webpack-plugin@"^3.0.0 || ^4.0.0" from [email protected]
npm WARN   node_modules/script-ext-html-webpack-plugin
npm WARN   1 more (the root project)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^5.1.0" from [email protected]
npm WARN   node_modules/copy-webpack-plugin
npm WARN     dev copy-webpack-plugin@"11.0.0" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.0.0" from [email protected]
npm WARN node_modules/karma-webpack
npm WARN   dev karma-webpack@"^4.0.2" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^5.1.0" from [email protected]
npm WARN   node_modules/copy-webpack-plugin
npm WARN     dev copy-webpack-plugin@"11.0.0" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.4.0" from [email protected]
npm WARN node_modules/mini-css-extract-plugin
npm WARN   dev mini-css-extract-plugin@"^0.5.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^5.1.0" from [email protected]
npm WARN   node_modules/copy-webpack-plugin
npm WARN     dev copy-webpack-plugin@"11.0.0" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.3.0" from [email protected]
npm WARN node_modules/raw-loader
npm WARN   dev raw-loader@"^2.0.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^5.1.0" from [email protected]
npm WARN   node_modules/copy-webpack-plugin
npm WARN     dev copy-webpack-plugin@"11.0.0" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0" from [email protected]
npm WARN node_modules/script-ext-html-webpack-plugin
npm WARN   dev script-ext-html-webpack-plugin@"^2.1.4" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^5.1.0" from [email protected]
npm WARN   node_modules/copy-webpack-plugin
npm WARN     dev copy-webpack-plugin@"11.0.0" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^3.0.0 || ^4.0.0" from [email protected]
npm WARN node_modules/url-loader
npm WARN   dev url-loader@"^1.1.2" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^5.1.0" from [email protected]
npm WARN   node_modules/copy-webpack-plugin
npm WARN     dev copy-webpack-plugin@"11.0.0" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"4.x.x" from [email protected]
npm WARN node_modules/webpack-cli
npm WARN   dev webpack-cli@"^3.3.9" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/pug
npm WARN   dev pug@"3.0.1" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer pug@"^2.0.0" from [email protected]
npm WARN node_modules/pug-loader
npm WARN   dev pug-loader@"^2.4.0" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/pug
npm WARN   peer pug@"^2.0.0" from [email protected]
npm WARN   node_modules/pug-loader
npm WARN     dev pug-loader@"^2.4.0" from the root project

added 69 packages, removed 349 packages, changed 141 packages, and audited 1622 packages in 43s

72 packages are looking for funding
  run `npm fund` for details

# npm audit report

glob-parent  <=5.1.1
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
glob-parent before 6.0.1 and 5.1.2 vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-cj88-88mr-972w
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/webpack-dev-server/node_modules/chokidar
    webpack-dev-server  2.0.0-beta - 4.7.2
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of selfsigned
    node_modules/webpack-dev-server

node-forge  <=1.2.1
Severity: high
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/selfsigned/node_modules/node-forge
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned

5 vulnerabilities (3 moderate, 2 high)

To address all issues (including breaking changes), run:
  npm audit fix --force

And the second call:

(base) pagetbr@l-pagetbr-1:~/KubeflowUpgrade/kubeflow/components/centraldashboard$ npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating webpack-dev-server to 4.9.3,which is a SemVer major change.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.0.0" from [email protected]
npm WARN node_modules/css-loader
npm WARN   dev css-loader@"^2.1.1" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^4.0.0" from [email protected]
npm WARN   node_modules/css-loader
npm WARN     dev css-loader@"^2.1.1" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@">=2.0.0 <5.0.0" from [email protected]
npm WARN node_modules/eslint-loader
npm WARN   dev eslint-loader@"^2.2.1" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2.0.0 <5.0.0" from [email protected]
npm WARN   node_modules/eslint-loader
npm WARN     dev eslint-loader@"^2.2.1" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.0.0" from [email protected]
npm WARN node_modules/file-loader
npm WARN   dev file-loader@"^3.0.1" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^4.0.0" from [email protected]
npm WARN   node_modules/file-loader
npm WARN     dev file-loader@"^3.0.1" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0" from [email protected]
npm WARN node_modules/html-webpack-plugin
npm WARN   peer html-webpack-plugin@"^3.0.0 || ^4.0.0" from [email protected]
npm WARN   node_modules/script-ext-html-webpack-plugin
npm WARN   1 more (the root project)
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0" from [email protected]
npm WARN   node_modules/html-webpack-plugin
npm WARN     peer html-webpack-plugin@"^3.0.0 || ^4.0.0" from [email protected]
npm WARN     node_modules/script-ext-html-webpack-plugin
npm WARN     1 more (the root project)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.0.0" from [email protected]
npm WARN node_modules/karma-webpack
npm WARN   dev karma-webpack@"^4.0.2" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^4.0.0" from [email protected]
npm WARN   node_modules/karma-webpack
npm WARN     dev karma-webpack@"^4.0.2" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.4.0" from [email protected]
npm WARN node_modules/mini-css-extract-plugin
npm WARN   dev mini-css-extract-plugin@"^0.5.0" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^4.4.0" from [email protected]
npm WARN   node_modules/mini-css-extract-plugin
npm WARN     dev mini-css-extract-plugin@"^0.5.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/pug
npm WARN   dev pug@"3.0.1" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer pug@"^2.0.0" from [email protected]
npm WARN node_modules/pug-loader
npm WARN   dev pug-loader@"^2.4.0" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/pug
npm WARN   peer pug@"^2.0.0" from [email protected]
npm WARN   node_modules/pug-loader
npm WARN     dev pug-loader@"^2.4.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^4.3.0" from [email protected]
npm WARN node_modules/raw-loader
npm WARN   dev raw-loader@"^2.0.0" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^4.3.0" from [email protected]
npm WARN   node_modules/raw-loader
npm WARN     dev raw-loader@"^2.0.0" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0" from [email protected]
npm WARN node_modules/script-ext-html-webpack-plugin
npm WARN   dev script-ext-html-webpack-plugin@"^2.1.4" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^1.0.0 || ^2.0.0 || ^3.0.0 || ^4.0.0" from [email protected]
npm WARN   node_modules/script-ext-html-webpack-plugin
npm WARN     dev script-ext-html-webpack-plugin@"^2.1.4" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"^3.0.0 || ^4.0.0" from [email protected]
npm WARN node_modules/url-loader
npm WARN   dev url-loader@"^1.1.2" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"^3.0.0 || ^4.0.0" from [email protected]
npm WARN   node_modules/url-loader
npm WARN     dev url-loader@"^1.1.2" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@">=2" from [email protected]
npm WARN   node_modules/babel-loader
npm WARN     dev babel-loader@"^8.0.6" from the root project
npm WARN   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer webpack@"4.x.x" from [email protected]
npm WARN node_modules/webpack-cli
npm WARN   dev webpack-cli@"^3.3.9" from the root project
npm WARN 
npm WARN Conflicting peer dependency: [email protected]
npm WARN node_modules/webpack
npm WARN   peer webpack@"4.x.x" from [email protected]
npm WARN   node_modules/webpack-cli
npm WARN     dev webpack-cli@"^3.3.9" from the root project

added 56 packages, removed 93 packages, changed 42 packages, and audited 1585 packages in 7s

74 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

@bryanpaget
Copy link

Once the vulnerabilities are taken care of, building (make build-local) fails:

(base) pagetbr@l-pagetbr-1:~/KubeflowUpgrade/kubeflow/components/centraldashboard$ make build-local 
npm install
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/webpack
npm ERR!   dev webpack@"^5.73.0" from the root project
npm ERR!   peer webpack@">=2" from [email protected]
npm ERR!   node_modules/babel-loader
npm ERR!     dev babel-loader@"^8.0.6" from the root project
npm ERR!   6 more (copy-webpack-plugin, terser-webpack-plugin, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer webpack@"^4.0.0" from [email protected]
npm ERR! node_modules/css-loader
npm ERR!   dev css-loader@"^2.1.1" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/webpack
npm ERR!   peer webpack@"^4.0.0" from [email protected]
npm ERR!   node_modules/css-loader
npm ERR!     dev css-loader@"^2.1.1" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /home/pagetbr/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/pagetbr/.npm/_logs/2022-07-21T17_41_42_250Z-debug-0.log
make: *** [Makefile:33: build-local] Error 1

@bryanpaget
Copy link

bryanpaget commented Jul 21, 2022
edited
Loading

When we look at the difference in packages, once fixed by npm audit-fix --force, we get

New Old
"google-auth-library": "^8.1.1" "google-auth-library": "^5.9.2"
"copy-webpack-plugin": "^11.0.0" "copy-webpack-plugin": "^5.1.1"
"istanbul-instrumenter-loader": "^2.0.0" "istanbul-instrumenter-loader": "^3.0.1"
"karma": "^6.4.0" "karma": "^5.1.1"
"webpack": "^5.73.0" "webpack": "^4.44.1"
"webpack-dev-server": "^4.9.3" "webpack-dev-server": "^3.11.0"

@bryanpaget
Copy link 

[TypeScript] app/api.ts(41,28): error TS2538: Type 'ParsedQs' cannot be used as an index type.
[TypeScript] app/api.ts(41,28): error TS2538: Type 'ParsedQs[]' cannot be used as an index type.
[TypeScript] app/api.ts(41,28): error TS2538: Type 'string[]' cannot be used as an index type.
[TypeScript] app/api.ts(41,28): error TS7015: Element implicitly has an 'any' type because index expression is not of type 'number'.
[TypeScript] app/api.ts(42,44): error TS2538: Type 'ParsedQs' cannot be used as an index type.
[TypeScript] app/api.ts(42,44): error TS2538: Type 'ParsedQs[]' cannot be used as an index type.
[TypeScript] app/api.ts(42,44): error TS2538: Type 'string[]' cannot be used as an index type.
[TypeScript] app/api.ts(42,44): error TS7015: Element implicitly has an 'any' type because index expression is not of type 'number'.
[TypeScript] node_modules/@types/tar/index.d.ts(239,36): error TS2709: Cannot use namespace 'MiniPass' as a type.
[TypeScript]
[TypeScript] 1:18:44 PM - Found 9 errors. Watching for file changes.```

@bryanpaget
Copy link 

(base) pagetbr@l-pagetbr-1:~/KubeflowUpgrade/kubeflow/components/centraldashboard$ npm audit --audit-level critical 
# npm audit report

@grpc/grpc-js  <1.1.8
Severity: high
Prototype pollution in grpc and @grpc/grpc-js - https://github.com/advisories/GHSA-pp75-xfpw-37g9
fix available via `npm audit fix`
node_modules/@grpc/grpc-js

ajv  <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ajv
node_modules/istanbul-instrumenter-loader/node_modules/ajv
  schema-utils  <=0.4.3
  Depends on vulnerable versions of ajv
  node_modules/istanbul-instrumenter-loader/node_modules/schema-utils
    istanbul-instrumenter-loader  >=3.0.0-beta.0
    Depends on vulnerable versions of schema-utils
    node_modules/istanbul-instrumenter-loader

ansi-html  <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix`
node_modules/ansi-html
  webpack-dev-server  2.0.0-beta - 4.7.2
  Depends on vulnerable versions of ansi-html
  Depends on vulnerable versions of chokidar
  Depends on vulnerable versions of selfsigned
  node_modules/webpack-dev-server

ansi-regex  4.0.0 - 4.1.0 || 5.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/@grpc/grpc-js/node_modules/ansi-regex
node_modules/ansi-regex
node_modules/boxen/node_modules/ansi-regex
node_modules/eslint/node_modules/ansi-regex
node_modules/karma/node_modules/ansi-regex
node_modules/nyc/node_modules/ansi-regex
node_modules/ora/node_modules/ansi-regex
node_modules/table/node_modules/ansi-regex
node_modules/webpack-cli/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/cliui/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/string-width/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/widest-line/node_modules/ansi-regex

async  2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async

browserslist  4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/browserslist

chart.js  <2.9.4
Severity: high
Prototype pollution in chart.js - https://github.com/advisories/GHSA-h68q-55jf-x68w
fix available via `npm audit fix`
node_modules/chart.js

dns-packet  <1.3.2
Severity: high
Potential memory exposure in dns-packet - https://github.com/advisories/GHSA-3wcq-x3mq-6r9p
fix available via `npm audit fix`
node_modules/dns-packet

elliptic  <6.5.4
Severity: moderate
Use of a Broken or Risky Cryptographic Algorithm - https://github.com/advisories/GHSA-r9p9-mrjm-926w
fix available via `npm audit fix`
node_modules/elliptic

engine.io  <3.6.0
Severity: high
Resource exhaustion in engine.io  - https://github.com/advisories/GHSA-j4f2-536g-r55m
fix available via `npm audit fix`
node_modules/engine.io
  socket.io  <=2.4.1
  Depends on vulnerable versions of engine.io
  Depends on vulnerable versions of socket.io-client
  node_modules/socket.io

eventsource  <1.1.1
Severity: critical
Exposure of Sensitive Information in eventsource - https://github.com/advisories/GHSA-6h5x-7c5m-7cr7
fix available via `npm audit fix`
node_modules/eventsource

follow-redirects  <=1.14.7
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
fix available via `npm audit fix`
node_modules/follow-redirects

glob-parent  <=5.1.1
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
glob-parent before 6.0.1 and 5.1.2 vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-cj88-88mr-972w
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/chokidar/node_modules/glob-parent
node_modules/eslint/node_modules/glob-parent
node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/watchpack-chokidar2/node_modules/chokidar
  node_modules/webpack-dev-server/node_modules/chokidar
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
        webpack  4.44.0 - 4.46.0
        Depends on vulnerable versions of watchpack
        node_modules/webpack
  copy-webpack-plugin  5.0.1 - 5.1.2
  Depends on vulnerable versions of glob-parent
  node_modules/copy-webpack-plugin

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix`
node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      node_modules/update-notifier
        nodemon  1.3.5 - 2.0.16 || 2.0.18
        Depends on vulnerable versions of update-notifier
        node_modules/nodemon

hosted-git-info  <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info - https://github.com/advisories/GHSA-43f8-2h32-f4cj
fix available via `npm audit fix`
node_modules/hosted-git-info

ini  <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/ini

json-bigint  <1.0.0
Severity: high
Uncontrolled Resource Consumption in json-bigint - https://github.com/advisories/GHSA-wgfq-7857-4jcc
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/gcp-metadata/node_modules/json-bigint
  gcp-metadata  0.8.0 - 4.1.0
  Depends on vulnerable versions of json-bigint
  node_modules/gcp-metadata
    google-auth-library  0.9.4 - 5.10.1
    Depends on vulnerable versions of gcp-metadata
    Depends on vulnerable versions of gtoken
    node_modules/google-auth-library

karma  <=6.3.15
Severity: high
Open redirect in karma - https://github.com/advisories/GHSA-rc3x-jf5g-xvc5
Cross-site Scripting in karma - https://github.com/advisories/GHSA-7x7c-qm48-pq9c
Depends on vulnerable versions of ua-parser-js
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/karma

lodash  <=4.17.20
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
fix available via `npm audit fix`
node_modules/@babel/core/node_modules/lodash
node_modules/@babel/helper-annotate-as-pure/node_modules/lodash
node_modules/@babel/helper-builder-binary-assignment-operator-visitor/node_modules/lodash
node_modules/@babel/helper-create-class-features-plugin/node_modules/lodash
node_modules/@babel/helper-define-map/node_modules/lodash
node_modules/@babel/helper-explode-assignable-expression/node_modules/lodash
node_modules/@babel/helper-hoist-variables/node_modules/lodash
node_modules/@babel/helper-member-expression-to-functions/node_modules/lodash
node_modules/@babel/helper-module-transforms/node_modules/lodash
node_modules/@babel/helper-optimise-call-expression/node_modules/lodash
node_modules/@babel/helper-regex/node_modules/lodash
node_modules/@babel/helper-remap-async-to-generator/node_modules/lodash
node_modules/@babel/helper-replace-supers/node_modules/lodash
node_modules/@babel/helper-simple-access/node_modules/lodash
node_modules/@babel/helper-wrap-function/node_modules/lodash
node_modules/@babel/helpers/node_modules/lodash
node_modules/@babel/plugin-transform-async-to-generator/node_modules/lodash
node_modules/@babel/plugin-transform-classes/node_modules/lodash
node_modules/@babel/plugin-transform-function-name/node_modules/lodash
node_modules/@babel/plugin-transform-parameters/node_modules/lodash
node_modules/@babel/preset-env/node_modules/lodash
node_modules/concurrently/node_modules/lodash
node_modules/eslint/node_modules/lodash
node_modules/lodash

log4js  <6.4.0
Severity: moderate
Incorrect Default Permissions in log4js - https://github.com/advisories/GHSA-82v2-mx6x-wq7q
fix available via `npm audit fix`
node_modules/log4js

minimist  <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/@babel/core/node_modules/minimist
node_modules/babel-loader/node_modules/minimist
node_modules/minimist
node_modules/portfinder/node_modules/minimist
node_modules/webpack/node_modules/minimist

moment  <=2.29.3
Severity: high
Path Traversal: 'dir/../../filename' in moment.locale - https://github.com/advisories/GHSA-8hfj-j24r-96c4
Inefficient Regular Expression Complexity in moment - https://github.com/advisories/GHSA-wc69-rhjr-hc9g
fix available via `npm audit fix`
node_modules/moment

node-fetch  <=2.6.6
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
fix available via `npm audit fix`
node_modules/node-fetch

node-forge  <=1.2.1
Severity: high
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
Prototype Pollution in node-forge util.setPath API - https://github.com/advisories/GHSA-wxgw-qj99-44c2
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Prototype Pollution in node-forge - https://github.com/advisories/GHSA-92xj-mqp7-vmcj
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/google-p12-pem/node_modules/node-forge
node_modules/node-forge
  google-p12-pem  <=3.1.2
  Depends on vulnerable versions of node-forge
  node_modules/google-p12-pem
    gtoken  <=5.0.0
    Depends on vulnerable versions of google-p12-pem
    node_modules/gtoken
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned

normalize-url  4.3.0 - 4.5.0
Severity: high
ReDoS in normalize-url - https://github.com/advisories/GHSA-px4h-xg32-q955
fix available via `npm audit fix`
node_modules/normalize-url

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix`
node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/css-select
    renderkid  1.0.0 - 2.0.5
    Depends on vulnerable versions of css-select
    node_modules/renderkid

path-parse  <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/path-parse

postcss  <=7.0.35
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix`
node_modules/postcss

protobufjs  <6.10.3
Severity: high
Prototype Pollution in protobufjs - https://github.com/advisories/GHSA-g954-5hwp-pp24
fix available via `npm audit fix`
node_modules/protobufjs


socket.io-parser  <3.3.2
Severity: high
Resource exhaustion in socket.io-parser - https://github.com/advisories/GHSA-xfhh-g9f5-x4m4
fix available via `npm audit fix`
node_modules/socket.io-client/node_modules/socket.io-parser

ssri  5.2.2 - 6.0.1 || 8.0.0
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix`
node_modules/copy-webpack-plugin/node_modules/ssri
node_modules/ssri
node_modules/webpack/node_modules/ssri

tar  6.0.0 - 6.1.8
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix`
node_modules/tar

terser  >=5.0.0 <5.14.2 || <4.8.1
Severity: moderate
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
fix available via `npm audit fix`
node_modules/terser
node_modules/webpack/node_modules/terser

ua-parser-js  <=0.7.23
Severity: high
Regular Expression Denial of Service in ua-parser-js - https://github.com/advisories/GHSA-662x-fhqg-9p8v
Regular Expression Denial of Service (ReDoS) in ua-parser-js - https://github.com/advisories/GHSA-394c-5j6w-4xmx
Regular Expression Denial of Service (ReDoS) in ua-parser-js - https://github.com/advisories/GHSA-78cj-fxph-m83p
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ua-parser-js

url-parse  <=1.5.8
Severity: critical
Incorrect hostname / protocol due to unstripped leading control characters. - https://github.com/advisories/GHSA-jf5r-8hm2-f872
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-hgjh-723h-mx2j
Authorization bypass in url-parse - https://github.com/advisories/GHSA-rqff-837h-mm52
Open redirect in url-parse - https://github.com/advisories/GHSA-hh27-ffr2-f2jc
Incorrect returned href via an '@' sign but no user info and hostname - https://github.com/advisories/GHSA-8v38-pw62-9cw2
Path traversal in url-parse - https://github.com/advisories/GHSA-9m6j-fcg5-2442
fix available via `npm audit fix`
node_modules/url-parse

ws  6.0.0 - 6.2.1 || 7.0.0 - 7.4.5
Severity: moderate
ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693
ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693
fix available via `npm audit fix`
node_modules/engine.io-client/node_modules/ws
node_modules/engine.io/node_modules/ws
node_modules/puppeteer/node_modules/ws
node_modules/ws
  engine.io-client  0.7.0 || 0.7.8 - 0.7.9 || 1.6.0 - 1.8.5 || 2.0.0 - 3.5.1 || 4.0.0-alpha.0 - 4.1.3
  Depends on vulnerable versions of ws
  Depends on vulnerable versions of xmlhttprequest-ssl
  node_modules/engine.io-client
    socket.io-client  2.2.0 - 2.3.1
    Depends on vulnerable versions of engine.io-client
    node_modules/socket.io-client

xmlhttprequest-ssl  <=1.6.1
Severity: critical
Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5
Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg
fix available via `npm audit fix`
node_modules/xmlhttprequest-ssl

y18n  4.0.0
Severity: high
Prototype Pollution in y18n - https://github.com/advisories/GHSA-c4w7-xm78-47vh
fix available via `npm audit fix`
node_modules/y18n

60 vulnerabilities (25 moderate, 30 high, 5 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

@bryanpaget
Copy link

bryanpaget commented Jul 21, 2022
edited
Loading

The 4 critical bugs are:

eventsource  <1.1.1
Severity: critical
Exposure of Sensitive Information in eventsource - https://github.com/advisories/GHSA-6h5x-7c5m-7cr7
fix available via `npm audit fix`
node_modules/eventsource

---

xmlhttprequest-ssl  <=1.6.1
Severity: critical
Improper Certificate Validation in xmlhttprequest-ssl - https://github.com/advisories/GHSA-72mh-269x-7mh5
Arbitrary Code Injection - https://github.com/advisories/GHSA-h4j5-c7cj-74xg
fix available via `npm audit fix`
node_modules/xmlhttprequest-ssl

---

url-parse  <=1.5.8
Severity: critical
Incorrect hostname / protocol due to unstripped leading control characters. - https://github.com/advisories/GHSA-jf5r-8hm2-f872
Authorization Bypass Through User-Controlled Key in url-parse - https://github.com/advisories/GHSA-hgjh-723h-mx2j
Authorization bypass in url-parse - https://github.com/advisories/GHSA-rqff-837h-mm52
Open redirect in url-parse - https://github.com/advisories/GHSA-hh27-ffr2-f2jc
Incorrect returned href via an '@' sign but no user info and hostname - https://github.com/advisories/GHSA-8v38-pw62-9cw2
Path traversal in url-parse - https://github.com/advisories/GHSA-9m6j-fcg5-2442
fix available via `npm audit fix`
node_modules/url-parse

---

minimist  <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/@babel/core/node_modules/minimist
node_modules/babel-loader/node_modules/minimist
node_modules/minimist
node_modules/portfinder/node_modules/minimist
node_modules/webpack/node_modules/minimist

@wg102
Copy link
Author

wg102 commented Jul 21, 2022
edited
Loading

WE are going to check, for the critical vulnerabilities, if we can patch them up directly. And this way filter out the issues

URL-PARSE https://nvd.nist.gov/vuln/detail/CVE-2022-0691
Should be fixed in 1.5.9 and higher

MINIMIST: CVE-2021-44906
Should be fixed in 1.2.6 and higher

@bryanpaget
Copy link

For eventsource, the CVE is:

CVE-2022-1650: Exposure of Sensitive Information in eventsource

When fetching an url with a link to an external site (Redirect), the users Cookies & Autorisation headers are leaked to the third party application. According to the same-origin-policy, the header should be "sanitized."

And for xmlhttprequest-ssl there are two CVEs:

CVE-2021-31597: Improper Certificate Validation in xmlhttprequest-ssl

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.

CVE-2020-28502: Arbitrary Code Injection

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.

@bryanpaget
Copy link

Success with installing [email protected]:

(base) pagetbr@l-pagetbr-1:~/KubeflowUpgrade/kubeflow/components/centraldashboard$ npm install [email protected]
npm WARN old lockfile 
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile 
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile 
npm WARN deprecated [email protected]: Please update to ini >=1.3.6 to avoid a prototype pollution issue
npm WARN deprecated [email protected]: 3.x is no longer supported. Please upgrade to 4.x.
npm WARN deprecated [email protected]: 2.x is no longer supported. Please upgrade to 4.x.
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.

added 188 packages, removed 18 packages, changed 110 packages, and audited 1902 packages in 32s

52 packages are looking for funding
  run `npm fund` for details

58 vulnerabilities (25 moderate, 30 high, 3 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

Installing [email protected] fails:

(base) pagetbr@l-pagetbr-1:~/KubeflowUpgrade/kubeflow/components/centraldashboard$ npm install [email protected]
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/pug
npm ERR!   dev pug@"3.0.1" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer pug@"^2.0.0" from [email protected]
npm ERR! node_modules/pug-loader
npm ERR!   dev pug-loader@"^2.4.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/pug
npm ERR!   peer pug@"^2.0.0" from [email protected]
npm ERR!   node_modules/pug-loader
npm ERR!     dev pug-loader@"^2.4.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /home/pagetbr/.npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/pagetbr/.npm/_logs/2022-07-21T18_54_09_617Z-debug-0.log

@bryanpaget bryanpaget linked a pull request Jul 21, 2022 that will close this issue
install(packages): overcome CVEs #89
Closed
@wg102
Copy link
Author

wg102 commented Jul 26, 2022

As of right now, the tests cannot be run for us. Therefore the ticket will be considered closed until such a time arrives. @bryanpaget is in contact with upstream about this. See ticket 6592 in upstream (not referenced to avoid link)

@wg102 wg102 closed this as completed Jul 26, 2022
@wg102
Copy link
Author

wg102 commented Jul 26, 2022

Note, the branch 1.4 will not be closed until ready to deploy in at least dev.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wg102 wg102

Labels
component/kubeflow
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

install(packages): overcome CVEs StatCan/kubeflow
2 participants
@bryanpaget @wg102