@Arique1104
Last active December 13, 2023 21:13

Log of work for 12/4/23

  • There was an error in the pull request: error spoke@13.1.0: The engine "node" is incompatible with this module. Expected version ">=20.0.0". Got "18.18.2" error Found incompatible module.
  • I ran yarn add node@20.0.0 and now have these deprecation warnings:
warning " > eslint-config-airbnb@19.0.4" has unmet peer dependency "eslint-plugin-react-hooks@^4.3.0".
warning " > jest-when@3.5.2" has unmet peer dependency "jest@>= 25".
warning "react-scripts > eslint-config-react-app > eslint-plugin-flowtype@8.0.3" has unmet peer dependency "@babel/plugin-syntax-flow@^7.14.5".
warning "react-scripts > eslint-config-react-app > eslint-plugin-flowtype@8.0.3" has unmet peer dependency "@babel/plugin-transform-react-jsx@^7.14.9".
warning "react-scripts > react-dev-utils > fork-ts-checker-webpack-plugin@6.5.2" has unmet peer dependency "typescript@>= 2.7".
warning "react-scripts > eslint-config-react-app > @typescript-eslint/eslint-plugin > tsutils@3.21.0" has unmet peer dependency "typescript@>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta".
warning "react-formal > @typescript-eslint/parser@4.33.0" has incorrect peer dependency "eslint@^5.0.0 || ^6.0.0 || ^7.0.0".
  • ran > npm install eslint-plugin-react-hooks@^4.3.0 --save-dev and got the following output:
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated core-js@1.2.7: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
  • It shared that I needed to upgrade to version 7 or higher because older versions use Math.random() which is known to be problematic.
  • Here are the documents in our code that use Math.random():
  • Now that I've identified where in the code this problematic method exists, I can look at the documentation posted to see what my options are in upgrading away from the Math.random() function.
  • Okay, so Math.random() can stay the same as a function, but the version it's pulling from is no longer secure. Now let's look at if Math.random() is being used for:

Non-testing suites using Math.random() are:

  • /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/components/CampaignCannedResponsesForm.jsx
  • /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/components/CampaignInteractionStepsForm.jsx
  • /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/extensions/service-managers/twilio-account-switching/index.js
  • /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/extensions/service-vendors/nexmo/index.js
  • /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/extensions/service-vendors/twilio/index.js
  • /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/server/api/message.js
  • /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/server/api/schema.js
  • /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork/src/server/lib/http-request.js
14 results - 10 files

**src/components/CampaignCannedResponsesForm.jsx:
  103    getCannedResponseId() {
  104:     return Math.random()
  105        .toString(36)

**src/components/CampaignInteractionStepsForm.jsx:
  124          "new" +
  125:         Math.random()
  126            .toString(36)

IGNORE FOR NOW: src/extensions/contact-loaders/test-fakedata/index.js:
  138        campaignIndex: String(i),
  139:       [`custom${campaignId}`]: String(Math.random()).slice(3, 8)
  140      });

  152        zip: "10011",
  153:       external_id: "fake" + String(Math.random()).slice(3, 8),
  154        custom_fields: genCustomFields(i, campaignId),
  155        timezone_offset:
  156:         timezones[parseInt(Math.random() * timezones.length, 10)],
  157        message_status: "needsMessage",

**src/extensions/service-managers/twilio-account-switching/index.js:
  52          messageServiceSids[
  53:           Math.floor(Math.random() * messageServiceSids.length)
  54          ] // Get random message service SId

IGNORE FOR NOW: src/extensions/service-vendors/fakeservice/index.js:
   73          id: undefined,
   74:         service_id: `mockedresponse${Math.random()}`,
   75          is_from_contact: true,

  102      firstPart.service_id ||
  103:     `fakeservice_${Math.random()
  104        .toString(36)

  193    if (lookupName) {
  194:     contactInfo.lookup_name = `Foo ${parseInt(Math.random() * 1000)}`;
  195    }

**src/extensions/service-vendors/nexmo/index.js:
  97        .split("")
  98:       .map(() => parseInt(Math.random() * 10))
  99        .join("");

**src/extensions/service-vendors/twilio/index.js:
  380          fakeResponse = {
  381:           sid: `FAKETWILIIO${Math.random()}`
  382          };

// Even though the above is utilized to make a fake-response, it still has a method within a service-vendor.

**src/server/api/message.js:
  13      // cached messages don't have message.id -- why bother
  14:     id: msg => msg.id || `fake${Math.random()}`,
  15      userId: msg => msg.user_id || null

src/server/api/schema.js:
  530        const contactNumber = contact.cell;
  531:       const mockId = `mocked_${Math.random()
  532          .toString(36)

**src/server/lib/http-request.js:
  35      const baseDelay = retryDelayMs || 50;
  36:     const randomDelay = Math.floor(Math.random() * (baseDelay / 2));
  37      return baseDelay + randomDelay;
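
The Math.random() patterns in the search results above (base-36 ids, a random list index, digit strings) can be replaced with calls to Node's built-in crypto module wherever the value must be unpredictable. This is an added example, not code from the gist or from Spoke; the helper names are hypothetical.

```javascript
// Added example: CSPRNG-backed stand-ins for the Math.random() patterns found
// by the search above. Helper names are hypothetical, not part of Spoke.
const crypto = require("node:crypto");

const BASE36 = "0123456789abcdefghijklmnopqrstuvwxyz";

// Stand-in for Math.random().toString(36)...: a fixed-length base-36 id.
// crypto.randomInt() picks each character uniformly, with no modulo bias.
function randomBase36Id(length = 12) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError("length must be a positive integer");
  }
  let id = "";
  for (let i = 0; i < length; i += 1) {
    id += BASE36[crypto.randomInt(BASE36.length)];
  }
  return id;
}

// Stand-in for list[Math.floor(Math.random() * list.length)].
// An empty list is rejected instead of silently returning undefined.
function pickRandom(list) {
  if (!Array.isArray(list) || list.length === 0) {
    throw new RangeError("pickRandom needs a non-empty array");
  }
  return list[crypto.randomInt(list.length)];
}

// Stand-in for .map(() => parseInt(Math.random() * 10)).join("").
function randomDigits(length) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError("length must be a positive integer");
  }
  let digits = "";
  for (let i = 0; i < length; i += 1) {
    digits += crypto.randomInt(10);
  }
  return digits;
}

// Stand-in for `fake${Math.random()}` style ids: a prefix plus a random
// version 4 UUID from the crypto module.
function randomTaggedId(prefix) {
  return `${prefix}${crypto.randomUUID()}`;
}

// Retry jitter only spreads retries out in time and protects nothing, so the
// Math.random() pattern from http-request.js can stay as it is.
function retryDelay(retryDelayMs) {
  const baseDelay = retryDelayMs || 50;
  const randomDelay = Math.floor(Math.random() * (baseDelay / 2));
  return baseDelay + randomDelay;
}
```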

  • ran > npm install jest@25 --save-dev and the output was:
npm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated domexception@1.0.1: Use your platform's native DOMException instead
npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated sane@4.1.0: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added
  • ran npm install @babel/plugin-syntax-flow@^7.14.5 --save -dev w/o any outputs. :)

  • ran npm install @babel/plugin-transform-react-jsx@^7.14.9 w/o any outputs. :)

  • npm install typescript@>= 2.7 --save

npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: spoke@13.1.0
npm WARN Found: typescript@4.9.5
npm WARN node_modules/typescript
npm WARN   peer typescript@">= 2.7" from fork-ts-checker-webpack-plugin@6.5.2
npm WARN   node_modules/fork-ts-checker-webpack-plugin
npm WARN     fork-ts-checker-webpack-plugin@"^6.5.0" from react-dev-utils@12.0.1
npm WARN     node_modules/react-dev-utils
npm WARN   3 more (react-scripts, tsutils, the root project)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peerOptional typescript@"^3.2.1 || ^4" from react-scripts@5.0.1
npm WARN node_modules/react-scripts
npm WARN   dev react-scripts@"^5.0.1" from the root project
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/2.7 - Not found
npm ERR! 404
npm ERR! 404  '2.7@*' is not in this registry.
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
  • Tried again w/ npm install typescript@2.7 --save-dev and got this output
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: spoke@13.1.0
npm WARN Found: typescript@4.9.5
npm WARN node_modules/typescript
npm WARN   peer typescript@">= 2.7" from fork-ts-checker-webpack-plugin@6.5.2
npm WARN   node_modules/fork-ts-checker-webpack-plugin
npm WARN     fork-ts-checker-webpack-plugin@"^6.5.0" from react-dev-utils@12.0.1
npm WARN     node_modules/react-dev-utils
npm WARN   3 more (react-scripts, tsutils, the root project)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peerOptional typescript@"^3.2.1 || ^4" from react-scripts@5.0.1
npm WARN node_modules/react-scripts
npm WARN   dev react-scripts@"^5.0.1" from the root project

added 8 packages, removed 1 package, changed 1 package, and audited 3391 packages in 23s

292 packages are looking for funding
  run `npm fund` for details

76 vulnerabilities (5 low, 39 moderate, 27 high, 5 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.
  • After looking into this error, I realized that I had downloaded a typescript that was too high (4) and needed to lower it to something smaller (3).
  • I entered npm install typescript@3.2.1 --save and got no additional outputs :) RESOLVED!

AND WE HAVE A GIT FIRE! My updates were rejected. What's frustrating is that the change they are asking me to rectify is for the readme, but it's pushing everything else away from uniting this change. So let me see which one is most apt for the major changes in this branch:

hint:   git config pull.rebase false  # merge (the default strategy)
hint:   git config pull.rebase true   # rebase
hint:   git config pull.ff only       # fast-forward only

These were all of my actions before I made a commit that was on the repository and needed to be pulled down. I believe that because I lowered my typescript version, the remotes have changed. I'm going to remove the commits I have in my local and redo these changes.

10445  yarn install node@20.0.0
10446  yarn add node@20.0.0
10447  git add .
10448  git commit -m "Adds node 20 upgrade to project dependencies"
10449  yarn dev
10450  npm install eslint-plugin-react-hooks@^4.3.0 --save-dev
10451  git status
10452  git add .
10453  git commit -m "Adds eslint-plugin-react-hooks to dev dependencies"
10454  npm install jest@25 --save-dev
10455  git status
10456  git add .
10457  git commit -m "Adds jest 25 as a dev dependency"
10458  npm install @babel/plugin-syntax-flow@^7.14.5 --save -dev
10459  git add .
10460  git commit -m "Adds peer dependency @babel/plugin-syntax-flow 7.15.5"
10461  npm install @babel/plugin-transform-react-jsx@^7.14.9
10462  git add .
10463  git commit -m "Adds @babel/plugin-transform-react-jsx@^7.14.9 to project dependencies"
10464  npm install typescript@>= 2.7 --save
10465  git status
10466  npm install typescript@2.7 --save-dev
10467  npm install typescript@3.2.1 --save
10468  git status
10469  git add .
10470  git commit -m "Adds the correct version of typescript to dependencies"
10471  yarn dev
10472  git push origin node20-update-II

Ran yarn install --flat and am getting a lot of questions

  • Below are my responses to help go back and make a better choice later:

  • Here is the output that I completed. This was deemed a dead end

  • entered > npm install @mui/x-date-pickers --save

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: spoke@13.1.0
npm ERR! Found: react@16.14.0
npm ERR! node_modules/react
npm ERR!   react@"16.14.0" from the root project
npm ERR!   peer react@">=16.8.0" from @emotion/react@11.11.1
npm ERR!   node_modules/@emotion/react
npm ERR!     peerOptional @emotion/react@"^11.9.0" from @mui/x-date-pickers@6.18.3
npm ERR!     node_modules/@mui/x-date-pickers
npm ERR!       @mui/x-date-pickers@"*" from the root project
npm ERR!     peer @emotion/react@"^11.0.0-rc.0" from @emotion/styled@11.11.0
npm ERR!     node_modules/@emotion/styled
npm ERR!       peerOptional @emotion/styled@"^11.8.1" from @mui/x-date-pickers@6.18.3
npm ERR!       node_modules/@mui/x-date-pickers
npm ERR!         @mui/x-date-pickers@"*" from the root project
npm ERR!       1 more (@mui/material)
npm ERR!     1 more (@mui/material)
npm ERR!   1 more (@emotion/styled)
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^17.0.0 || ^18.0.0" from @mui/material@5.14.19
npm ERR! node_modules/@mui/material
npm ERR!   peer @mui/material@"^5.8.6" from @mui/x-date-pickers@6.18.3
npm ERR!   node_modules/@mui/x-date-pickers
npm ERR!     @mui/x-date-pickers@"*" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR!
npm ERR! For a full report see:
npm ERR! /Users/ariqueaguilar/.npm/_logs/2023-12-04T21_00_00_998Z-eresolve-report.txt

npm ERR! A complete log of this run can be found in: /Users/ariqueaguilar/.npm/_logs/2023-12-04T21_00_00_998Z-debug-0.log

npm audit report

@cypress/request  <=2.88.12
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
fix available via `npm audit fix --force`
Will install cypress@13.6.0, which is a breaking change
node_modules/@cypress/request
  cypress  4.3.0 - 12.17.4
  Depends on vulnerable versions of @cypress/request
  node_modules/cypress

apollo-server-core  <=2.26.0
Severity: moderate
Introspection in schema validation in Apollo Server - https://github.com/advisories/GHSA-w42g-7vfc-xf37
Prevent logging invalid header values - https://github.com/advisories/GHSA-j5g3-5c8r-7qfx
fix available via `npm audit fix --force`
Will install apollo-server-express@3.13.0, which is a breaking change
node_modules/apollo-server-core
  apollo-server-express  <=2.14.1
  Depends on vulnerable versions of apollo-server-core
  node_modules/apollo-server-express


axios  0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install @bandwidth/messaging@4.1.3, which is a breaking change
node_modules/axios
node_modules/twilio/node_modules/axios
  @bandwidth/messaging  3.0.0 - 4.1.2
  Depends on vulnerable versions of axios
  node_modules/@bandwidth/messaging
  twilio  2.6.0 - 4.19.0 || >=5.0.0-rc16
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of jsonwebtoken
  node_modules/twilio

cli  <=0.11.3
Arbitrary File Write in cli - https://github.com/advisories/GHSA-6cpc-mj5c-m9rq
Node CLI Allows Arbitrary File Overwrite - https://github.com/advisories/GHSA-3mrp-qhcj-mwv5
No fix available
node_modules/cli
  color-difference  *
  Depends on vulnerable versions of cli
  node_modules/color-difference

debug  4.0.0 - 4.3.0
Severity: moderate
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
No fix available
node_modules/rethink-knex-adapter/node_modules/debug
  knex  <=2.3.0
  Depends on vulnerable versions of debug
  node_modules/rethink-knex-adapter/node_modules/knex
    rethink-knex-adapter  *
    Depends on vulnerable versions of knex
    Depends on vulnerable versions of thinky
    node_modules/rethink-knex-adapter

degenerator  <3.0.1
Severity: high
Code Injection in pac-resolver - https://github.com/advisories/GHSA-9j49-mfvp-vmhm
fix available via `npm audit fix --force`
Will install mailgun-js@0.6.7, which is a breaking change
node_modules/degenerator
  pac-resolver  <=4.2.0
  Depends on vulnerable versions of degenerator
  Depends on vulnerable versions of netmask
  node_modules/pac-resolver
    pac-proxy-agent  <=4.1.0
    Depends on vulnerable versions of pac-resolver
    node_modules/pac-proxy-agent
      proxy-agent  1.1.0 - 4.0.1
      Depends on vulnerable versions of pac-proxy-agent
      node_modules/proxy-agent
        mailgun-js  >=0.6.8
        Depends on vulnerable versions of proxy-agent
        node_modules/mailgun-js

flat  <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm
fix available via `npm audit fix --force`
Will install json2csv@6.0.0-alpha.2, which is a breaking change
node_modules/flat
  json2csv  3.1.0 - 4.0.0-alpha.2
  Depends on vulnerable versions of flat
  node_modules/json2csv

glob-parent  <5.1.2
Severity: high
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install webpack-dev-server@4.15.1, which is a breaking change
node_modules/webpack-dev-server/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/webpack-dev-server/node_modules/chokidar
    webpack-dev-server  2.0.0-beta - 4.7.2
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of selfsigned
    node_modules/webpack-dev-server

jsdom  <=16.5.3
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-native
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix --force`
Will install jest@29.7.0, which is a breaking change
node_modules/jsdom
  jest-environment-jsdom  10.0.2 - 25.5.0
  Depends on vulnerable versions of jsdom
  node_modules/jest-environment-jsdom
    jest-config  12.1.1-alpha.2935e14d - 25.5.4
    Depends on vulnerable versions of @jest/test-sequencer
    Depends on vulnerable versions of jest-environment-jsdom
    Depends on vulnerable versions of jest-jasmine2
    node_modules/jest-config
      jest-cli  12.1.1-alpha.2935e14d || 12.1.2-alpha.6230044c - 25.5.4
      Depends on vulnerable versions of @jest/core
      Depends on vulnerable versions of jest-config
      node_modules/jest-cli
        jest  12.1.2-alpha.6230044c - 25.5.4
        Depends on vulnerable versions of @jest/core
        Depends on vulnerable versions of jest-cli
        node_modules/jest
      jest-runner  21.0.0-alpha.1 - 25.5.4
      Depends on vulnerable versions of jest-config
      Depends on vulnerable versions of jest-jasmine2
      Depends on vulnerable versions of jest-runtime
      node_modules/jest-runner
      jest-runtime  12.1.1-alpha.2935e14d - 25.5.4
      Depends on vulnerable versions of jest-config
      node_modules/jest-runtime
        @jest/test-sequencer  <=25.5.4
        Depends on vulnerable versions of jest-runner
        Depends on vulnerable versions of jest-runtime
        node_modules/@jest/test-sequencer
        jest-jasmine2  24.2.0-alpha.0 - 25.5.4
        Depends on vulnerable versions of jest-runtime
        node_modules/jest-jasmine2

json-bigint  <1.0.0
Severity: high
Uncontrolled Resource Consumption in json-bigint - https://github.com/advisories/GHSA-wgfq-7857-4jcc
fix available via `npm audit fix --force`
Will install googleapis@129.0.0, which is a breaking change
node_modules/json-bigint
  gcp-metadata  0.8.0 - 4.1.0
  Depends on vulnerable versions of json-bigint
  node_modules/gcp-metadata
    google-auth-library  0.9.4 - 5.10.1
    Depends on vulnerable versions of gcp-metadata
    Depends on vulnerable versions of gtoken
    node_modules/google-auth-library
      googleapis  37.0.0-webpack - 48.0.0
      Depends on vulnerable versions of google-auth-library
      Depends on vulnerable versions of googleapis-common
      node_modules/googleapis
      googleapis-common  0.5.0-webpack - 0.5.0-webpack3 || 0.6.0-webpack - 3.2.2
      Depends on vulnerable versions of google-auth-library
      node_modules/googleapis-common

jsonwebtoken  <=8.5.1
Severity: moderate
jsonwebtoken unrestricted key type could lead to legacy keys usage  - https://github.com/advisories/GHSA-8cf7-32gw-wr33
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
fix available via `npm audit fix --force`
Will install nexmo@0.0.7, which is a breaking change
node_modules/nexmo/node_modules/jsonwebtoken
node_modules/twilio/node_modules/jsonwebtoken
  nexmo  *
  Depends on vulnerable versions of jsonwebtoken
  Depends on vulnerable versions of request
  node_modules/nexmo


netmask  <=2.0.0
Severity: critical
Improper parsing of octal bytes in netmask - https://github.com/advisories/GHSA-4c7m-wxvm-r7gc
netmask npm package mishandles octal input data - https://github.com/advisories/GHSA-pch5-whg9-qr2r
fix available via `npm audit fix --force`
Will install mailgun-js@0.6.7, which is a breaking change
node_modules/netmask

node-fetch  <=2.6.6
Severity: high
The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix --force`
Will install isomorphic-fetch@3.0.0, which is a breaking change
node_modules/isomorphic-fetch/node_modules/node-fetch
  isomorphic-fetch  2.0.0 - 2.2.1
  Depends on vulnerable versions of node-fetch
  node_modules/isomorphic-fetch
    fbjs  0.7.0 - 1.0.0
    Depends on vulnerable versions of isomorphic-fetch
    node_modules/recompose/node_modules/fbjs
      recompose  >=0.18.0
      Depends on vulnerable versions of fbjs
      node_modules/recompose

node-forge  <=1.2.1
Severity: high
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
fix available via `npm audit fix --force`
Will install webpack-dev-server@4.15.1, which is a breaking change
node_modules/node-forge
  google-p12-pem  <=3.1.2
  Depends on vulnerable versions of node-forge
  node_modules/google-p12-pem
    gtoken  <=5.0.0
    Depends on vulnerable versions of google-p12-pem
    node_modules/gtoken
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned

node-notifier  <8.0.1
Severity: moderate
OS Command Injection in node-notifier - https://github.com/advisories/GHSA-5fw9-fq32-wv5p
fix available via `npm audit fix --force`
Will install jest@29.7.0, which is a breaking change
node_modules/node-notifier
  @jest/reporters  <=26.4.0
  Depends on vulnerable versions of node-notifier
  node_modules/@jest/reporters
    @jest/core  <=25.5.4
    Depends on vulnerable versions of @jest/reporters
    Depends on vulnerable versions of jest-config
    Depends on vulnerable versions of jest-runner
    Depends on vulnerable versions of jest-runtime
    node_modules/@jest/core

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          Depends on vulnerable versions of resolve-url-loader
          node_modules/react-scripts


passport  <0.6.0
Severity: moderate
Passport vulnerable to session regeneration when a users logs in or out - https://github.com/advisories/GHSA-v923-w3x8-wh69
fix available via `npm audit fix --force`
Will install passport@0.7.0, which is a breaking change
node_modules/passport

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
  resolve-url-loader  0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
  Depends on vulnerable versions of postcss
  node_modules/resolve-url-loader

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix --force`
Will install nexmo@0.0.7, which is a breaking change
node_modules/request
  passport-auth0  <=1.4.0
  Depends on vulnerable versions of request
  node_modules/passport-auth0
  request-promise-core  *
  Depends on vulnerable versions of request
  node_modules/request-promise-core
    request-promise-native  >=1.0.0
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-core
    Depends on vulnerable versions of tough-cookie
    node_modules/request-promise-native
  wait-on  <=4.0.2
  Depends on vulnerable versions of request
  node_modules/wait-on

semver  7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/simple-update-notifier/node_modules/semver
  simple-update-notifier  1.0.7 - 1.1.0
  Depends on vulnerable versions of semver
  node_modules/simple-update-notifier
    nodemon  2.0.19 - 2.0.22
    Depends on vulnerable versions of simple-update-notifier
    node_modules/nodemon

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix --force`
Will install nexmo@0.0.7, which is a breaking change
node_modules/jsdom/node_modules/tough-cookie
node_modules/request-promise-native/node_modules/tough-cookie
node_modules/request/node_modules/tough-cookie

trim-newlines  <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
No fix available
node_modules/trim-newlines
  meow  3.4.0 - 5.0.0
  Depends on vulnerable versions of trim-newlines
  node_modules/meow
    us-area-codes  *
    Depends on vulnerable versions of meow
    node_modules/us-area-codes

validator  <13.7.0
Severity: moderate
Inefficient Regular Expression Complexity in validator.js - https://github.com/advisories/GHSA-qgmg-gppg-76g5
fix available via `npm audit fix --force`
Will install thinky@1.15.1, which is a breaking change
node_modules/validator
  thinky  >=1.15.2
  Depends on vulnerable versions of validator
  node_modules/thinky

xml2js  <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
No fix available
node_modules/xml2js
  @bandwidth/numbers  *
  Depends on vulnerable versions of xml2js
  node_modules/@bandwidth/numbers
  selenium-webdriver  2.43.1 - 4.0.0-rc-2
  Depends on vulnerable versions of xml2js
  node_modules/selenium-webdriver

76 vulnerabilities (5 low, 39 moderate, 27 high, 5 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.
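
One way to turn an audit report like the one above into a work list is to read `npm audit --json` and group the findings by how they can be fixed. This is an added example, not part of the original log; SAMPLE_REPORT is constructed from four entries of the report above, and the function names are hypothetical.

```javascript
// Added example: bucket `npm audit --json` findings by remediation path.
// SAMPLE_REPORT is constructed; it mirrors four entries of the text report
// (semver, flat, xml2js, trim-newlines) in npm's version 2 JSON layout.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    semver: {
      name: "semver", severity: "moderate", range: "7.0.0 - 7.5.1",
      effects: ["simple-update-notifier"], fixAvailable: true
    },
    flat: {
      name: "flat", severity: "critical", range: "<5.0.1",
      effects: ["json2csv"],
      fixAvailable: { name: "json2csv", version: "6.0.0-alpha.2", isSemVerMajor: true }
    },
    xml2js: {
      name: "xml2js", severity: "moderate", range: "<0.5.0",
      effects: ["@bandwidth/numbers", "selenium-webdriver"], fixAvailable: false
    },
    "trim-newlines": {
      name: "trim-newlines", severity: "high", range: "<3.0.1",
      effects: ["meow"], fixAvailable: false
    }
  }
};

const SEVERITY_RANK = { critical: 0, high: 1, moderate: 2, low: 3, info: 4 };

// fixAvailable is `true` (plain `npm audit fix`), `false` (no fix), or an
// object naming the package whose upgrade carries the fix.
function remediationPath(entry) {
  const fix = entry.fixAvailable;
  if (fix === true) return "safe";
  if (fix && typeof fix === "object") {
    return fix.isSemVerMajor ? "breaking" : "safe";
  }
  return "none";
}

function describeFix(entry) {
  const fix = entry.fixAvailable;
  if (fix === true) return "npm audit fix";
  if (fix && typeof fix === "object") return `${fix.name}@${fix.version}`;
  return null;
}

function rank(severity) {
  return severity in SEVERITY_RANK ? SEVERITY_RANK[severity] : 99;
}

// Returns { safe, breaking, none }, each sorted by severity and then name.
function triage(report) {
  const buckets = { safe: [], breaking: [], none: [] };
  for (const entry of Object.values(report.vulnerabilities || {})) {
    buckets[remediationPath(entry)].push({
      name: entry.name,
      severity: entry.severity,
      range: entry.range,
      affects: entry.effects || [],
      fixVia: describeFix(entry)
    });
  }
  for (const list of Object.values(buckets)) {
    list.sort((a, b) =>
      rank(a.severity) - rank(b.severity) || a.name.localeCompare(b.name));
  }
  return buckets;
}
```

The `none` bucket is the one that calls for a replacement dependency, and the `breaking` bucket names the package whose major upgrade needs testing before it is accepted.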
  • output for yarn install --check-files
> yarn install --check-files
yarn install v1.22.10
warning package-lock.json found. Your project contains lock files generated by tools other than Yarn. It is advised not to mix package managers in order to avoid resolution inconsistencies caused by unsynchronized lock files. To clear this warning, remove package-lock.json.
[1/5] 🔍  Validating package.json...
[2/5] 🔍  Resolving packages...
[3/5] 🚚  Fetching packages...
[4/5] 🔗  Linking dependencies...
warning "react-formal > @typescript-eslint/parser@4.33.0" has incorrect peer dependency "eslint@^5.0.0 || ^6.0.0 || ^7.0.0".
[5/5] 🔨  Building fresh packages...

MISSING COMMAND THAT GAVE US THIS ERROR, possibly yarn install? We've been able to limit it to one of these three as the input to receive the below output:

10204  yarn install
10205  yarn test
10206  yarn run test-sqlite

OUTPUT

npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated core-js@1.2.7: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.

> npm install babel-jest@29.7.0 --save-dev

npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated core-js@1.2.7: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.

npm install core-js@3.34.0

npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.
npm WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js

> npm install jest@29.7.0 --save-dev

Deprecation Warning:

  Option "testURL" was replaced by passing the URL via "testEnvironmentOptions.url".

  Please update your configuration.

  Configuration Documentation:
  https://jestjs.io/docs/configuration

● Deprecation Warning:

  Option "testURL" was replaced by passing the URL via "testEnvironmentOptions.url".

  Please update your configuration.

  Configuration Documentation:
  https://jestjs.io/docs/configuration
  • We read the jest documentation and realized we are missing a babel.config.js file that is required to set the correct node version for testing. Going to see if this fixes our initial error.

  • running yarn install to see what deprecation warnings show up.

npm install uuid@9.0.1 --save

npm WARN deprecated domexception@2.0.1: Use your platform's native DOMException instead
npm WARN deprecated formidable@1.2.6: Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated core-js@1.2.7: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.

  • > npm ls core-js
spoke@13.1.0 /Users/ariqueaguilar/node-update/Spoke_Hackathon_Fork
├─┬ apollo-server-express@1.4.0
│ └─┬ apollo-server-core@1.4.0
│   └─┬ graphql-extensions@0.0.10
│     └── core-js@2.6.12
├─┬ babel-polyfill@6.26.0
│ └── core-js@2.6.12
├─┬ babel-runtime@6.26.0
│ └── core-js@2.6.12
├── core-js@3.34.0
├─┬ draft-js@0.11.7
│ └─┬ fbjs@2.0.0
│   └── core-js@3.34.0 deduped
├─┬ react-scripts@5.0.1
│ └─┬ react-app-polyfill@3.0.0
│   └── core-js@3.34.0 deduped
├─┬ recompose@0.30.0
│ └─┬ fbjs@0.8.18
│   └── core-js@1.2.7
├─┬ rethink-knex-adapter@0.4.20
│ └─┬ knex@0.17.6
│   └─┬ @babel/polyfill@7.12.1
│     └── core-js@2.6.12
└─┬ wait-on@2.1.2
  └── core-js@2.6.12
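
The tree above shows why the core-js warnings kept appearing after `npm install core-js@3.34.0`: the old copies are pulled in by other packages, not by the top-level entry. The script below is an added example (not part of the original log or of Spoke) that walks that tree and lists every dependency chain ending in a core-js older than the 3.23.3 floor named in the warning. The `lsOutput` object is a constructed sample that re-types the tree in the nested shape of `npm ls core-js --json`; `isOlder` and `staleCopies` are hypothetical helper names.

```javascript
// Constructed sample: the `npm ls core-js` tree from the log above, in the
// nested name/version/dependencies shape that `npm ls core-js --json` prints.
const lsOutput = {
  name: "spoke", version: "13.1.0",
  dependencies: {
    "apollo-server-express": { version: "1.4.0", dependencies: {
      "apollo-server-core": { version: "1.4.0", dependencies: {
        "graphql-extensions": { version: "0.0.10", dependencies: {
          "core-js": { version: "2.6.12" } } } } } } },
    "babel-polyfill": { version: "6.26.0", dependencies: { "core-js": { version: "2.6.12" } } },
    "babel-runtime": { version: "6.26.0", dependencies: { "core-js": { version: "2.6.12" } } },
    "core-js": { version: "3.34.0" },
    "draft-js": { version: "0.11.7", dependencies: {
      fbjs: { version: "2.0.0", dependencies: { "core-js": { version: "3.34.0" } } } } },
    "react-scripts": { version: "5.0.1", dependencies: {
      "react-app-polyfill": { version: "3.0.0", dependencies: { "core-js": { version: "3.34.0" } } } } },
    recompose: { version: "0.30.0", dependencies: {
      fbjs: { version: "0.8.18", dependencies: { "core-js": { version: "1.2.7" } } } } },
    "rethink-knex-adapter": { version: "0.4.20", dependencies: {
      knex: { version: "0.17.6", dependencies: {
        "@babel/polyfill": { version: "7.12.1", dependencies: { "core-js": { version: "2.6.12" } } } } } } },
    "wait-on": { version: "2.1.2", dependencies: { "core-js": { version: "2.6.12" } } },
  },
};

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function isOlder(version, floor) {
  const a = version.split(".").map(Number);
  const b = floor.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Walk the tree and return every dependency chain that ends in a copy of
// `pkg` older than `floor`. Each chain starts at a top-level dependency.
function staleCopies(node, pkg, floor, chain = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...chain, `${name}@${dep.version}`];
    if (name === pkg && isOlder(dep.version, floor)) hits.push(path);
    hits.push(...staleCopies(dep, pkg, floor, path));
  }
  return hits;
}

const stale = staleCopies(lsOutput, "core-js", "3.23.3");
for (const path of stale) console.log(path.join(" > "));
```

The first element of each chain is the direct dependency to upgrade or replace. In this tree recompose is the only one that brings in core-js@1.2.7.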

remove recompose? yes

  • re-adding recompose to debug transition into react hooks

https://medium.com/stationfive/how-to-migrate-from-recompose-to-react-hooks-89b2981c03d

  • withMUItheme, located: src/containers/hoc/withMuiTheme.jsx

  • How do we integrate the withMUItheme wrapper into the newly updated react hooks forms that are migrating away from recompose?

    • I believe we might be learning how to pass props to a component. That is technically what we want: for withMUITheme to impact all the children within the code, so that the functionality of the MUI Theme can persist through our Node 20.10.0 upgrade.
    • I'm reading Passing Props to a Component, because I wanted to understand how to leverage the Context Hooks React API, which ultimately says in the documentation: "For example, your app's top-level component can pass the current UI theme to all components below, no matter how deep."
  • Below is an example of code that I was mimicking for the Login.jsx document in the code. However, this isn't the proper implementation of a React hook. That doesn't get demonstrated until later. Now let's hop over to after Wrong Code for Login, and check out Correct Code for Login.

  • I now understand that I have to go into a deeper example, because the code looks different once you start utilizing the react hooks syntax.

//WRONG CODE FOR LOGIN

import React, { Component } from 'react';

class FormComponent extends Component {
   state = {
    firstName: 'Arique',
    lastName: 'Aguilar',
    age: 20
   }
   
   handleNameChange = (firstName) => {
    this.setState({firstName})
   }
   
   handleLastNameChange = (lastName) => {
    this.setState({lastName})
   }
   
   handleAgeChange = (age) => {
    this.setState({age})
   }
   
   onSubmit = (e) => {
    e.preventDefault();
   }
   
   render () {
    // render() has to return the JSX; the opening `return (` was missing.
    return (
      <>
        <form onSubmit={this.onSubmit}>
          <input
            name="name"
            type="text"
            onChange={(e) => this.handleNameChange(e.target.value)}
            value={this.state.firstName}
          />
          <input
            name="lastName"
            type="text"
            onChange={(e) => this.handleLastNameChange(e.target.value)}
            value={this.state.lastName}
          />
          <input
            name="age"
            type="number"
            onChange={(e) => this.handleAgeChange(e.target.value)}
            value={this.state.age}
          />
          <button type="submit">Submit</button>
        </form>
      </>
    )
  }
};

export default FormComponent
  • This link will take you to the tutorial on how to migrate from recompose to React hooks.
//CORRECT CODE FOR LOGIN (W/HOOKS)

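import React, { useState } from 'react';

// Component names start with a capital letter so React treats them as components.
const HooksForm = () => {
  // One useState call per field replaces the class component's state object.
  const [firstName, setFirstName] = useState('Arique');
  const [lastName, setLastName] = useState('Aguilar');
}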

COAUTHORSHIP

git commit -m "message

Co-authored-by: Daniel Bond <dbond@vvnstates.org>"
