FlowiseAI
[BUG] Dependency problems with recent releases of Flowise, including critical vulnerabilities
Describe the bug Installing Flowise via npm result in dependency conflicts and use of deprecated package with significant security issues. Problem occurs with 2.0.4 and 2.0.5 releases
To Reproduce
- Clean install of node.js version 20.16.0
- Installed flowise via npm as follows:
% npm i flowise npm warn ERESOLVE overriding peer dependency npm warn While resolving: @mui/[email protected] npm warn Found: [email protected] npm warn node_modules/react npm warn peerOptional react@">=17.0.0" from [email protected] npm warn node_modules/flowise-components/node_modules/lunary npm warn lunary@"^0.6.16" from [email protected] npm warn node_modules/flowise-components npm warn 30 more (flowise-ui, lunary, @emotion/react, @emotion/styled, ...) npm warn npm warn Could not resolve dependency: npm warn peer react@"^17.0.2" from @mui/[email protected] npm warn node_modules/@mui/icons-material npm warn @mui/icons-material@"5.0.3" from [email protected] npm warn node_modules/flowise-ui npm warn npm warn Conflicting peer dependency: [email protected] npm warn node_modules/react npm warn peer react@"^17.0.2" from @mui/[email protected] npm warn node_modules/@mui/icons-material npm warn @mui/icons-material@"5.0.3" from [email protected] npm warn node_modules/flowise-ui npm warn ERESOLVE overriding peer dependency npm warn deprecated [email protected]: cross-spawn no longer requires a build toolchain, use it instead npm warn deprecated @babel/[email protected]: This proposal has been merged to the ECMAScript standard and thus this plugin is no longer maintained. Please use @babel/plugin-transform-class-properties instead. npm warn deprecated [email protected]: Package is no longer maintained npm warn deprecated @npmcli/[email protected]: This functionality has been moved to @npmcli/fs npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. npm warn deprecated [email protected]: Use mz or fs-extra^3.0 with Promise Support npm warn deprecated [email protected]: This package is no longer supported. npm warn deprecated [email protected]: This package is no longer supported. npm warn deprecated [email protected]: Use your platform's native DOMException instead npm warn deprecated [email protected]: Use your platform's native atob() and btoa() methods instead npm warn deprecated [email protected]: This package is no longer supported. npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported npm warn deprecated @aws-sdk/[email protected]: This package has moved to @smithy/protocol-http npm warn deprecated @aws-sdk/[email protected]: This package has moved to @smithy/signature-v4 npm warn deprecated [email protected]: The library contains critical security issues and should not be used for production! The maintenance of the project has been discontinued. Consider migrating your code to isolated-vm. npm warn deprecated [email protected]: < 22.8.2 is no longer supported npm warn deprecated @oclif/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Critical bug fixed in v3.0.1, please upgrade to the latest version. npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported npm warn deprecated [email protected]: This package is no longer supported. npm warn deprecated [email protected]: This package is no longer supported. npm warn deprecated [email protected]: This package is no longer supported. npm warn deprecated [email protected]: Version no longer supported. Upgrade to @latest
Expected behavior Flowise should install without dependency issues and should not make use of deprecated packages and packages with serious security vulnerabilities
Screenshots See install log above.
Flow N/A - installation issue.
Setup
- Installation: npm i flows
- Flowise Version 2.0.4 and 2.0.5
- OS: macOS Sonoma 14.6.1
- Browser N/A
Additional context node.js version 20.16.0
critical vulnerabilities dependencies should be now resolved in v2.1.1 release
