https://pulumi.com logo
#general
Title
# general
i

incalculable-garage-67131

06/29/2023, 4:32 PM
Running into an issue with
crd2pulumi -n
generation. This looks like its related to a Pulumi node dependency. The generated package.json is:
Copy code
{
  "name": "@pulumi/crds",
  "version": "",
  "scripts": {
    "build": "tsc",
    "install": "node scripts/install-pulumi-plugin.js resource crds "
  },
  "dependencies": {
    "@pulumi/pulumi": "^3.42.0"
  },
  "devDependencies": {
    "@types/node": "^14",
    "typescript": "^4.3.5"
  },
  "pulumi": {
    "resource": true,
    "name": "crds"
  }
}
npm install fails, the pulumi-crds are no longer located at the referenced link.
Copy code
> install
> node scripts/install-pulumi-plugin.js resource crds

error: 404 HTTP error fetching plugin from <https://api.github.com/repos/pulumi/pulumi-crds/releases/latest>. If this is a private GitHub repository, try providing a token via the GITHUB_TOKEN environment variable. See: <https://github.com/settings/tokens>

There was an error installing the resource provider plugin. You may try to manually installing the plugin by running `pulumi plugin install resource crds`
The npm audit / npm audit fix does not fix this:
Copy code
semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - <https://github.com/advisories/GHSA-c2qf-rxjj-qqgw>
fix available via `npm audit fix`
node_modules/make-dir/node_modules/semver
  make-dir  2.0.0 - 3.1.0
  Depends on vulnerable versions of semver
  node_modules/make-dir
    @mapbox/node-pre-gyp  >=1.0.1
    Depends on vulnerable versions of make-dir
    node_modules/@mapbox/node-pre-gyp
      grpc  1.24.8 - 1.24.11
      Depends on vulnerable versions of @mapbox/node-pre-gyp
      node_modules/grpc
--force
lowers the pulumi verion dependency.
Copy code
"dependencies": {
    "@pulumi/pulumi": "^0.14.3"
  },
We are enterprise customers and we use crd2pulumi. This is blocking our ability to maintain our deployments.
image.png
b

billowy-army-68599

06/29/2023, 5:06 PM
hey @incalculable-garage-67131 - this is a known issue with crd2pulumi. It’s broadly covered by this issue: https://github.com/pulumi/crd2pulumi/issues/100 if you have an enterprise contract, feel free to send an email to support@pulumi.com with this info and we can triage
2 Views