incalculable-garage-67131
06/29/2023, 4:32 PM
crd2pulumi -n
generation.
This looks like it's related to a Pulumi node dependency.
The generated package.json is:
{
  "name": "@pulumi/crds",
  "version": "",
  "scripts": {
    "build": "tsc",
    "install": "node scripts/install-pulumi-plugin.js resource crds "
  },
  "dependencies": {
    "@pulumi/pulumi": "^3.42.0"
  },
  "devDependencies": {
    "@types/node": "^14",
    "typescript": "^4.3.5"
  },
  "pulumi": {
    "resource": true,
    "name": "crds"
  }
}
npm install fails; the pulumi-crds are no longer located at the referenced link.
> install
> node scripts/install-pulumi-plugin.js resource crds
error: 404 HTTP error fetching plugin from <https://api.github.com/repos/pulumi/pulumi-crds/releases/latest>. If this is a private GitHub repository, try providing a token via the GITHUB_TOKEN environment variable. See: <https://github.com/settings/tokens>
There was an error installing the resource provider plugin. You may try to manually installing the plugin by running `pulumi plugin install resource crds`
The npm audit / npm audit fix does not fix this:
semver <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - <https://github.com/advisories/GHSA-c2qf-rxjj-qqgw>
fix available via `npm audit fix`
node_modules/make-dir/node_modules/semver
make-dir 2.0.0 - 3.1.0
Depends on vulnerable versions of semver
node_modules/make-dir
@mapbox/node-pre-gyp >=1.0.1
Depends on vulnerable versions of make-dir
node_modules/@mapbox/node-pre-gyp
grpc 1.24.8 - 1.24.11
Depends on vulnerable versions of @mapbox/node-pre-gyp
node_modules/grpc
--force lowers the pulumi version dependency.
"dependencies": {
  "@pulumi/pulumi": "^0.14.3"
},
We are enterprise customers and we use crd2pulumi. This is blocking our ability to maintain our deployments.
billowy-army-68599