Removal of Dependency Deprecation Warnings in Forge CLI

We’ve just released Forge CLI version 12.2.0 as announced in our changelog. In this release we have upgraded the deprecated dependencies so that when you install the latest version of the CLI you won’t get any more deprecation warnings.

Feel free to respond to the post if you have any questions related to this release.

4 Likes

Hi @JacobTan, glad that the team has an update addressing the issue! I have upgraded my @forge/cli version to 12.4.0; however, the warning is still presented when I test it locally. I have tried to deploy to the development environment as well, but the logs appear in the forge log either…

Hi @JacobTan,

The new release of forge cli has a couple of vulnerability warnings, as had the last version. Is Atlassian going to fix this, and hopefully check for this before every release?

Example:

```
# npm audit report

content-security-policy-parser  <0.6.0
Severity: high
content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE - https://github.com/advisories/GHSA-w2cq-g8g3-gm83
fix available via `npm audit fix --force`
Will install @forge/cli@6.4.1, which is a breaking change
node_modules/@forge/cli/node_modules/content-security-policy-parser
  @forge/csp  *
  Depends on vulnerable versions of content-security-policy-parser
  node_modules/@forge/cli/node_modules/@forge/csp
    @forge/lint  <=0.0.0-experimental-fbe27f8 || 1.0.6-next.0 - 3.2.4-next.4 || >=5.7.0-next.0
    Depends on vulnerable versions of @forge/csp
    node_modules/@forge/cli/node_modules/@forge/lint
      @forge/bundler  1.0.6-next.0 - 3.1.0-test.8 || >=4.20.8-next.0
      Depends on vulnerable versions of @forge/lint
      node_modules/@forge/cli/node_modules/@forge/bundler
        @forge/cli  <=0.0.0-experimental-a9f00a0 || 1.3.3-next.6 - 5.1.0-next.5 || >=6.4.2-next.1
        Depends on vulnerable versions of @forge/bundler
        Depends on vulnerable versions of @forge/lint
        Depends on vulnerable versions of @forge/tunnel
        node_modules/@forge/cli
        @forge/tunnel  <=0.0.1-next.15 || >=0.6.3-next.0
        Depends on vulnerable versions of @forge/bundler
        Depends on vulnerable versions of @forge/csp
        node_modules/@forge/cli/node_modules/@forge/tunnel
```

1 Like