.NET Core Web API Newtonsoft.Json Nuget Dependency Warning - asp.net-core

I have the following Web API solution structure with three projects in a .NET 5 Web Api
.
+-- Api.csproj
| +-- Dependencies
| | +-- Projects
| | | +-- Infrastructure.csproj
| | | | +-- Dependencies
| | | | | +-- Projects
| | | | | | +-- Core.csproj
| | | | | +-- Packages
| | | | | | +-- Serilog.Sinks.Telegram (2.0.1)
| | | | | | | +-- Newtonsoft.Json (11.0.2)
When I build Infrastructure.csproj, it succeeds, but 2 strange issues
Build warning Infrastructure.csproj : warning NU1603: Serilog.Sinks.TelegramClient 2.0.1 depends on Newtonsoft.Json (>= 10.0.0) but Newtonsoft.Json 10.0.0 was not found. An approximate best match of Newtonsoft.Json 10.0.1 was resolved.
Looking in the \debug folder, I don't see any dlls for Serilog or Newtonsoft.
When I build Api.csproj, it succeeds, but again strange issues
Build warning Infrastructure.csproj : warning NU1603: Serilog.Sinks.TelegramClient 2.0.1 depends on Newtonsoft.Json (>= 10.0.0) but Newtonsoft.Json 10.0.0 was not found. An approximate best match of Newtonsoft.Json 10.0.1 was resolved.
Build warning Api.csproj : warning NU1603: Serilog.Sinks.TelegramClient 2.0.1 depends on Newtonsoft.Json (>= 10.0.0) but Newtonsoft.Json 10.0.0 was not found. An approximate best match of Newtonsoft.Json 10.0.1 was resolved.
Looking in the \debug folder of the Api.csproj, I do see Serilog and Newtonsoft dlls.
The Newtonsoft dll in debug has a version of 12.0.3.*
My Questions:
Is it right that there are no Serilog or Newtonsoft dlls in Infrastructure.csproj output folder?
Why am I getting a warning about Newtonsoft for the Api.csproj build when the dll is correctly put into output folder and the version is greater than the warning?

Related

how to resolve cve CVE-2020-28052 json-schema for npm

By performing a dependency check using owasp 7.0.4 on my project, which uses java for BE and JS for BFE, i got ceveral CVEs noted over 8. One is the json-schema package used by npm. This the packages configuration in the package.json:
dependency:
"json-schema": "^0.4.0"
"npm": "^7.13.0"
when calling the command npm ls json-schema to check json-schema use i got:
+-- json-schema#0.4.0
+-- lerna#4.0.0
| `-- #lerna/add#4.0.0
| `-- pacote#11.3.5
| `-- #npmcli/run-script#1.8.6
| `-- node-gyp#7.1.2
| `-- request#2.88.2
| `-- http-signature#1.2.0
| `-- jsprim#1.4.2
| `-- json-schema#0.4.0 deduped
`-- npm#7.24.2
`-- node-gyp#7.1.2
`-- request#2.88.2
`-- http-signature#1.2.0
`-- jsprim#1.4.1
`-- json-schema#0.2.3
I see that i need to somehow force npm use the latest json-schema version.
Can please anyone give me a hint, if this is the right way and how to achieve it?

Problem solved by updating npm to 8.6.0

nested package.json in Yarn workspaces

When using yarn workspaces is it possible to have nested package.json files to resolve dependancies for a subset of packages? Avoiding repetition?
where cra are create-react-apps and pkg are packages that these sites consume.
e.g.
| /
| - package.json
|---- /sites
|-------- /cra-1
| - package.json
|-------- /cra-2
| - package.json
|---- /packages
| - package.json // <<---- Extra level here
|-------- /pkg-1
| - package.json
|-------- /pkg-1
| - package.json
|-------- /pkg-2
| - package.json
this would allow us to share common dependancies for our packages... keep them all in sync and up-to-date

Error in building react native app using expo

I'm building fist mobile project by using react-native, expo and lerna. But I have problem with lerna. When I type: yarn install all packages. My problem is that lerna push all module packages in mobile package to the outside node_modules folder so that the script to run react native is not available in mobile package. My question is that there are any solutions for lerna to recognize those modules out of package mobile scope.
This is my folder structure
| my-project/
| ---- node_modules/
| -------- react-native/
| -------- lerna/
| -------- expo/
| ---- package.json
| ---- lerna.json
| ---- packages/
| -------- mobile/
| ------------ node_modules/
| ---------------- bin/
| ------------------- react-native
| ------------------- react-native.cmd
| ------------ package.json

How do I update ChromeDriver for Windows?

On Windows, I am trying to update ChromeDriver to take advantage of the new headless option for Chrome. However, ChromeDriver reverts back to a previous version as soon as the update is complete.
In the console log from command prompt below, you can see that I downloaded version 2.33, but at the end, the version I get is 2.27. I need at least 2.29 to use headless Chrome.
C:\WINDOWS\system32>npm uninstall chromedriver
- pify#2.3.0 node_modules\globby\node_modules\pify
- globby#6.1.0 node_modules\globby
- isarray#1.0.0 node_modules\isarray
- minimist#0.0.8 node_modules\minimist
- mkdirp#0.5.0 node_modules\extract-zip\node_modules\mkdirp
- ms#2.0.0 node_modules\ms
- debug#2.6.9 node_modules\debug
- p-map#1.2.0 node_modules\p-map
- pend#1.2.0 node_modules\pend
- fd-slicer#1.0.1 node_modules\fd-slicer
- pify#3.0.0 node_modules\pify
- process-nextick-args#1.0.7 node_modules\process-nextick-args
- string_decoder#1.0.3 node_modules\string_decoder
- typedarray#0.0.6 node_modules\typedarray
- util-deprecate#1.0.2 node_modules\util-deprecate
- readable-stream#2.3.3 node_modules\readable-stream
- concat-stream#1.6.0 node_modules\concat-stream
- yauzl#2.4.1 node_modules\yauzl
- del#3.0.0 node_modules\del
- extract-zip#1.6.6 node_modules\extract-zip
- kew#0.7.0 node_modules\kew
- mkdirp#0.5.1 node_modules\mkdirp
- chromedriver#2.33.2 node_modules\chromedriver
npm WARN enoent ENOENT: no such file or directory, open 'C:\WINDOWS\system32\package.json'
npm WARN system32 No description
npm WARN system32 No repository field.
npm WARN system32 No README data
npm WARN system32 No license field.
C:\WINDOWS\system32>npm install chromedriver
> chromedriver#2.33.2 install C:\WINDOWS\system32\node_modules\chromedriver
> node install.js
Downloading https://chromedriver.storage.googleapis.com/2.33/chromedriver_win32.zip
Saving to C:\Users\vadmin\AppData\Local\Temp\chromedriver\chromedriver_win32.zip
Received 781K...
Received 1568K...
Received 2352K...
Received 3136K...
Received 3920K...
Received 4125K total.
Extracting zip contents
Copying to target path C:\WINDOWS\system32\node_modules\chromedriver\lib\chromedriver
Done. ChromeDriver binary available at C:\WINDOWS\system32\node_modules\chromedriver\lib\chromedriver\chromedriver.exe
C:\WINDOWS\system32
`-- chromedriver#2.33.2
+-- del#3.0.0
| +-- globby#6.1.0
| | `-- pify#2.3.0
| +-- p-map#1.2.0
| `-- pify#3.0.0
+-- extract-zip#1.6.6
| +-- concat-stream#1.6.0
| | +-- readable-stream#2.3.3
| | | +-- isarray#1.0.0
| | | +-- process-nextick-args#1.0.7
| | | +-- string_decoder#1.0.3
| | | `-- util-deprecate#1.0.2
| | `-- typedarray#0.0.6
| +-- debug#2.6.9
| | `-- ms#2.0.0
| +-- mkdirp#0.5.0
| `-- yauzl#2.4.1
| `-- fd-slicer#1.0.1
| `-- pend#1.2.0
+-- kew#0.7.0
`-- mkdirp#0.5.1
`-- minimist#0.0.8
npm WARN enoent ENOENT: no such file or directory, open 'C:\WINDOWS\system32\package.json'
npm WARN system32 No description
npm WARN system32 No repository field.
npm WARN system32 No README data
npm WARN system32 No license field.
C:\WINDOWS\system32>npm update chromedriver
C:\WINDOWS\system32>chromedriver -version
ChromeDriver 2.27.440174 (e97a722caafc2d3a8b807ee115bfb307f7d2cfd9)
C:\WINDOWS\system32>
What am I doing wrong/missing?

Most probably you have another chromedriver in your PATH. You can use PATH command in cmd prompt to check if you have another chromedriver in your path. If you have another chromedriver you can either update it manually by downloading the version you want or you can add the one installed by npm to your PATH, which is at following location:
C:\WINDOWS\system32\node_modules\chromedriver\lib\chromedriver
Also, you can check the version of the chromedriver at the above location
C:\WINDOWS\system32>C:\WINDOWS\system32\node_modules\chromedriver\lib\chromedriver --version

When Selenium is installed, the chromedriver.exe is placed in
C:\Users\you\AppData\Local\SeleniumBasic
When you put the updated version somewhere else in %path% then it will still use the old version here.
So
either delete the old one from here
or
overwrite it with the updated version.
This will ensure that the updated one is used.

What is the React Native version compatible with android api16?

I install react native and created a sample project. but it cannot be run on android version prior to android 6. so i created project with earlier version. following errors occurred. please help.
This is my installation section.
C:\react>npm i -g rninit
C:\Users\User\AppData\Roaming\npm\rninit -> C:\Users\User\AppData\Roaming\npm
de_modules\rninit\index.js
C:\Users\User\AppData\Roaming\npm
`-- rninit#0.1.1
+-- chalk#1.1.3
| +-- ansi-styles#2.2.1
| +-- escape-string-regexp#1.0.5
| +-- has-ansi#2.0.0
| | `-- ansi-regex#2.1.1
| +-- strip-ansi#3.0.1
| `-- supports-color#2.0.0
+-- prompt#0.2.14
| +-- pkginfo#0.4.0
| +-- read#1.0.7
| | `-- mute-stream#0.0.7
| +-- revalidator#0.1.8
| +-- utile#0.2.1
| | +-- async#0.2.10
| | +-- deep-equal#1.0.1
| | +-- i#0.3.5
| | +-- mkdirp#0.5.1
| | | `-- minimist#0.0.8
| | +-- ncp#0.4.2
| | `-- rimraf#2.6.1
| | `-- glob#7.1.2
| | +-- fs.realpath#1.0.0
| | +-- inflight#1.0.6
| | | `-- wrappy#1.0.2
| | +-- inherits#2.0.3
| | +-- minimatch#3.0.4
| | | `-- brace-expansion#1.1.7
| | | +-- balanced-match#0.4.2
| | | `-- concat-map#0.0.1
| | +-- once#1.4.0
| | `-- path-is-absolute#1.0.1
| `-- winston#0.8.3
| +-- colors#0.6.2
| +-- cycle#1.0.3
| +-- eyes#0.1.8
| +-- isstream#0.1.2
| +-- pkginfo#0.3.1
| `-- stack-trace#0.0.10
`-- semver#5.3.0
This is project initialization
C:\react>rninit init TestProject --source react-native#0.1.1
This will walk you through creating a new React Native project in C:\react\TestP
roject
Installing react-native package from npm...
npm ERR! Windows_NT 6.3.9600
npm ERR! argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\User\\AppData\\R
oaming\\npm\\node_modules\\npm\\bin\\npm-cli.js" "install" "--save" "react-nativ
e#0.1.1"
npm ERR! node v6.10.3
npm ERR! npm v4.1.1
npm ERR! code ETARGET
npm ERR! notarget No compatible version found: react-native#0.1.1
npm ERR! notarget Valid install targets:
npm ERR! notarget 0.0.0, 0.0.5, 0.0.6, 0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.3.1, 0.3.2,
0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.3.10, 0.3.11, 0.4.0, 0.4.1,
0.4.2, 0.4.3, 0.4.4, 0.5.0-rc1, 0.5.0, 0.6.0-rc, 0.6.0, 0.7.0-rc, 0.7.0-rc.2, 0.
7.1, 0.8.0-rc, 0.8.0-rc.2, 0.8.0, 0.9.0-rc, 0.9.0, 0.10.0-rc, 0.10.0, 0.11.0-rc,
0.10.1, 0.11.0, 0.11.1, 0.11.2, 0.12.0-rc, 0.11.3, 0.11.4, 0.12.0, 0.13.0-rc, 0
.13.0, 0.13.1, 0.13.2, 0.14.0-rc, 0.14.0, 0.14.1, 0.15.0-rc, 0.14.2, 0.15.0, 0.1
6.0-rc, 0.16.0, 0.17.0-rc, 0.17.0, 0.18.0-rc, 0.18.0, 0.18.1, 0.19.0-rc, 0.19.0,
0.20.0-rc1, 0.20.0, 0.21.0-rc, 0.21.0, 0.22.0-rc, 0.22.0-rc3, 0.22.0-rc4, 0.22.
0-rc5, 0.22.0, 0.22.1, 0.22.2, 0.23.0-rc1, 0.23.0-rc3, 0.23.0-rc4, 0.24.0-rc, 0.
24.0-rc1, 0.23.0, 0.24.0-rc2, 0.24.0-rc3, 0.23.1, 0.24.0-rc4, 0.24.0-rc5, 0.25.0
-rc, 0.24.0, 0.24.1, 0.26.0-rc, 0.25.1, 0.26.0, 0.27.0-rc, 0.26.1, 0.26.2, 0.27.
0-rc1, 0.27.0-rc2, 0.26.3, 0.27.0-rc3, 0.27.0, 0.28.0-rc.0, 0.27.1, 0.27.2, 0.28
.0, 0.29.0-rc.0, 0.29.0-rc.1, 0.29.0-rc.2, 0.29.0-rc.3, 0.30.0-rc.0, 0.29.0, 0.2
9.1, 0.29.2, 0.30.0, 0.31.0-rc.0, 0.31.0-rc.1, 0.31.0, 0.32.0-rc.0, 0.33.0-rc.0,
0.32.0, 0.33.0-rc.1, 0.32.1, 0.33.0, 0.34.0-rc.0, 0.33.1, 0.34.0, 0.35.0-rc.0,
0.34.1, 0.36.0-rc.0, 0.35.0, 0.36.0-rc.1, 0.36.0, 0.37.0-rc.0, 0.36.1, 0.37.0-rc
.2, 0.37.0-rc.3, 0.37.0-rc.4, 0.37.0, 0.38.0-rc.0, 0.38.0-rc.1, 0.39.0-rc.0, 0.3
8.0, 0.39.0, 0.40.0-rc.0, 0.38.1, 0.40.0-rc.1, 0.39.1, 0.40.0-rc.2, 0.39.2, 0.40
.0, 0.41.0-rc.0, 0.41.0-rc.1, 0.42.0-rc.0, 0.41.0, 0.42.0-rc.1, 0.41.1, 0.41.2,
0.42.0-rc.2, 0.42.0-rc.3, 0.42.0, 0.43.0-rc.0, 0.43.0-rc.1, 0.43.0-rc.2, 0.42.2,
0.43.0-rc.3, 0.42.3, 0.43.0-rc.4, 0.44.0-rc.0, 0.43.0, 0.43.1, 0.43.2, 0.43.3,
0.43.4, 0.44.0, 0.45.0-rc.0, 0.45.0-rc.1, 0.44.1, 0.44.2, 0.45.0-rc.2
npm ERR! notarget
npm ERR! notarget This is most likely not a problem with npm itself.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.
npm ERR! Please include the following file with any support request:
npm ERR! C:\react\TestProject\npm-debug.log
`npm install --save react-native#0.1.1` failed
what are the versions that are compatible for each android API s.Thank You

Minimum SDK for Android is 4.1 (API 16) and for iOS >= iOS 7.0.
Here is the official document link
Update:
As of 9th Aug 2021, it is Android 5.0 - API 21 and iOS 11.0
Source