WB6.3: zigbee2mqtt does not start after the update

I had been staying on wb-2108 because I had the 433 module installed. I decided to move to the current stable, since I found a potential replacement in zigbee modules. The zigbee v1.1C module is on /dev/ttyMOD1. The following plan was adopted:

  1. Reflash the zigbee module following the flashing section
  2. Remove the Rf433 module
  3. Update to the current stable for this revision via the fit image.

Steps 1 and 2 went like clockwork. But step 3 went wrong right away. First, the bridge fell apart because bridge-utils was not included in the firmware. I solved that.
But I cannot beat zigbee2mqtt failing to start. I did "Ku" twice and squatted, it does not help.
Here is the log:

root@wirenboard-AD4ALVSH:~/zigbee2mqtt# npm start

zigbee2mqtt@1.32.2 start
node index.js

Zigbee2MQTT:info 2023-11-17 09:55:23: Logging to console and directory: '/mnt/data/root/zigbee2mqtt/data/log/2023-11-17.09-55-20' filename: log.txt
Zigbee2MQTT:info 2023-11-17 09:55:23: Starting Zigbee2MQTT version 1.32.2 (commit #1ec1e572)
Zigbee2MQTT:info 2023-11-17 09:55:23: Starting zigbee-herdsman (0.17.2)
Zigbee2MQTT:error 2023-11-17 09:55:25: Error while starting zigbee-herdsman
Zigbee2MQTT:error 2023-11-17 09:55:25: Failed to start zigbee
Zigbee2MQTT:error 2023-11-17 09:55:25: Check Zigbee2MQTT fails to start | Zigbee2MQTT for possible solutions
Zigbee2MQTT:error 2023-11-17 09:55:25: Exiting...
Zigbee2MQTT:error 2023-11-17 09:55:25: TypeError: Class extends value undefined is not a constructor or null
at Object.<anonymous> (/mnt/data/root/zigbee2mqtt/node_modules/zigbee-herdsman/src/adapter/serialPort.ts:12:78)
at Module._compile (node:internal/modules/cjs/loader:1155:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1209:10)
at Module.load (node:internal/modules/cjs/loader:1033:32)
at Function.Module._load (node:internal/modules/cjs/loader:868:12)
at Module.require (node:internal/modules/cjs/loader:1057:19)
at require (node:internal/modules/cjs/helpers:103:18)
at Object.<anonymous> (/mnt/data/root/zigbee2mqtt/node_modules/zigbee-herdsman/src/adapter/z-stack/znp/znp.ts:9:1)
at Module._compile (node:internal/modules/cjs/loader:1155:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1209:10)
Please help.

It was not in any of them; it was always installed separately.

Did npm complain about anything missing during installation?

And also

npm audit

and

npm audit fix - what do they output?

root@wirenboard-AD4ALVSH:~/zigbee2mqtt# npm audit

npm audit report

@babel/traverse <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code · CVE-2023-45133 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/@babel/traverse
node_modules/zigbee-herdsman-converters/node_modules/@babel/traverse
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/@babel/traverse
node_modules/zigbee-herdsman/node_modules/@babel/traverse

ansi-regex 5.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - Inefficient Regular Expression Complexity in chalk/ansi-regex · CVE-2021-3807 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/ansi-regex
node_modules/zigbee-herdsman-converters/node_modules/ansi-regex
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/@jest/core/node_modules/ansi-regex
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/cliui/node_modules/ansi-regex
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/eslint/node_modules/ansi-regex
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/pretty-format/node_modules/ansi-regex
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/string-length/node_modules/ansi-regex
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/table/node_modules/ansi-regex
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/yargs/node_modules/ansi-regex
node_modules/zigbee-herdsman/node_modules/@jest/core/node_modules/ansi-regex
node_modules/zigbee-herdsman/node_modules/cliui/node_modules/ansi-regex
node_modules/zigbee-herdsman/node_modules/eslint/node_modules/ansi-regex
node_modules/zigbee-herdsman/node_modules/pretty-format/node_modules/ansi-regex
node_modules/zigbee-herdsman/node_modules/string-length/node_modules/ansi-regex
node_modules/zigbee-herdsman/node_modules/table/node_modules/ansi-regex
node_modules/zigbee-herdsman/node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/zigbee-herdsman/node_modules/yargs/node_modules/ansi-regex

async 3.0.0 - 3.2.1
Severity: high
Prototype Pollution in async - Prototype Pollution in async · CVE-2021-43138 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/async

axios <=1.5.1
Severity: high
axios Inefficient Regular Expression Complexity vulnerability - axios Inefficient Regular Expression Complexity vulnerability · CVE-2021-3749 · GitHub Advisory Database · GitHub
Axios Cross-Site Request Forgery Vulnerability - Axios Cross-Site Request Forgery Vulnerability · CVE-2023-45857 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/zigbee-herdsman-converters/node_modules/axios

browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - Regular Expression Denial of Service in browserslist · CVE-2021-23364 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/browserslist
node_modules/zigbee-herdsman-converters/node_modules/browserslist
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/browserslist
node_modules/zigbee-herdsman/node_modules/browserslist

color-string <1.5.5
Severity: moderate
Regular Expression Denial of Service (ReDOS) - Regular Expression Denial of Service (ReDOS) · CVE-2021-29060 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/color-string

decode-uri-component <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - decode-uri-component vulnerable to Denial of Service (DoS) · CVE-2022-38900 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/decode-uri-component
node_modules/zigbee-herdsman-converters/node_modules/decode-uri-component
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/decode-uri-component
node_modules/zigbee-herdsman/node_modules/decode-uri-component

follow-redirects <=1.14.7
Severity: high
Exposure of sensitive information in follow-redirects - Exposure of sensitive information in follow-redirects · CVE-2022-0155 · GitHub Advisory Database · GitHub
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects · CVE-2022-0536 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/zigbee-herdsman-converters/node_modules/follow-redirects

glob-parent <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex · CVE-2020-28469 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/eslint/node_modules/glob-parent
node_modules/fast-glob/node_modules/glob-parent
node_modules/glob-parent
node_modules/zigbee-herdsman-converters/node_modules/glob-parent
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/chokidar/node_modules/glob-parent
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/eslint/node_modules/glob-parent
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/fast-glob/node_modules/glob-parent
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/glob-parent
node_modules/zigbee-herdsman/node_modules/chokidar/node_modules/glob-parent
node_modules/zigbee-herdsman/node_modules/eslint/node_modules/glob-parent
node_modules/zigbee-herdsman/node_modules/fast-glob/node_modules/glob-parent
node_modules/zigbee-herdsman/node_modules/glob-parent
@nicolo-ribaudo/chokidar-2 <=2.1.8-no-fsevents.3
Depends on vulnerable versions of glob-parent
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/@nicolo-ribaudo/chokidar-2
node_modules/zigbee-herdsman/node_modules/@nicolo-ribaudo/chokidar-2
@babel/cli 7.12.7 - 7.23.0
Depends on vulnerable versions of @nicolo-ribaudo/chokidar-2
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/@babel/cli
node_modules/zigbee-herdsman/node_modules/@babel/cli
glob-stream 5.3.0 - 6.1.0
Depends on vulnerable versions of glob-parent
node_modules/glob-stream
help-me 1.0.0 - 1.1.0
Depends on vulnerable versions of glob-stream
node_modules/help-me
mqtt 1.14.1 - 4.2.6
Depends on vulnerable versions of help-me
node_modules/mqtt

handlebars <=4.7.6
Severity: critical
Remote code execution in handlebars when compiling templates - Remote code execution in handlebars when compiling templates · CVE-2021-23369 · GitHub Advisory Database · GitHub
Prototype Pollution in handlebars - Prototype Pollution in handlebars · CVE-2021-23383 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/handlebars
node_modules/zigbee-herdsman/node_modules/handlebars

hosted-git-info <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info - Regular Expression Denial of Service in hosted-git-info · CVE-2021-23362 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/hosted-git-info
node_modules/zigbee-herdsman-converters/node_modules/hosted-git-info
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/hosted-git-info
node_modules/zigbee-herdsman/node_modules/hosted-git-info

jsdom <=16.5.3
Severity: moderate
Insufficient Granularity of Access Control in JSDom - Insufficient Granularity of Access Control in JSDom · CVE-2021-20066 · GitHub Advisory Database · GitHub
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-native
Depends on vulnerable versions of tough-cookie
fix available via npm audit fix
node_modules/jsdom
node_modules/zigbee-herdsman-converters/node_modules/jsdom
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/jsdom
node_modules/zigbee-herdsman/node_modules/jsdom

json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - json-schema is vulnerable to Prototype Pollution · CVE-2021-3918 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/json-schema
node_modules/zigbee-herdsman-converters/node_modules/json-schema
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/json-schema
node_modules/zigbee-herdsman/node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
node_modules/zigbee-herdsman-converters/node_modules/jsprim
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/jsprim
node_modules/zigbee-herdsman/node_modules/jsprim

json5 2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - Prototype Pollution in JSON5 via Parse Method · CVE-2022-46175 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/json5
node_modules/zigbee-herdsman-converters/node_modules/json5
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/json5
node_modules/zigbee-herdsman/node_modules/json5

lodash <=4.17.20
Severity: high
Command Injection in lodash - Command Injection in lodash · CVE-2021-23337 · GitHub Advisory Database · GitHub
Regular Expression Denial of Service (ReDoS) in lodash - Regular Expression Denial of Service (ReDoS) in lodash · CVE-2020-28500 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/lodash
node_modules/zigbee-herdsman/node_modules/lodash

marked <=4.0.9
Severity: high
Inefficient Regular Expression Complexity in marked - Inefficient Regular Expression Complexity in marked · CVE-2022-21681 · GitHub Advisory Database · GitHub
Inefficient Regular Expression Complexity in marked - Inefficient Regular Expression Complexity in marked · CVE-2022-21680 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/marked
node_modules/zigbee-herdsman/node_modules/marked
typedoc <=0.21.9 || 0.22.0-beta.0 - 0.22.10 || >=1.0.0-dev.1
Depends on vulnerable versions of marked
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/typedoc
node_modules/zigbee-herdsman/node_modules/typedoc

minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - minimatch ReDoS vulnerability · CVE-2022-3517 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/minimatch
node_modules/zigbee-herdsman-converters/node_modules/minimatch
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/minimatch
node_modules/zigbee-herdsman/node_modules/minimatch

minimist 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - Prototype Pollution in minimist · CVE-2021-44906 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/minimist
node_modules/zigbee-herdsman-converters/node_modules/minimist
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/minimist
node_modules/zigbee-herdsman/node_modules/minimist

moment <=2.29.3
Severity: high
Path Traversal: 'dir/../../filename' in moment.locale - Path Traversal: 'dir/../../filename' in moment.locale · CVE-2022-24785 · GitHub Advisory Database · GitHub
Moment.js vulnerable to Inefficient Regular Expression Complexity - Moment.js vulnerable to Inefficient Regular Expression Complexity · CVE-2022-31129 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/moment

path-parse <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - Regular Expression Denial of Service in path-parse · CVE-2021-23343 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/path-parse
node_modules/zigbee-herdsman-converters/node_modules/path-parse
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/path-parse
node_modules/zigbee-herdsman/node_modules/path-parse

qs 6.5.0 - 6.5.2
Severity: high
qs vulnerable to Prototype Pollution - qs vulnerable to Prototype Pollution · CVE-2022-24999 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/qs
node_modules/zigbee-herdsman-converters/node_modules/qs
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/qs
node_modules/zigbee-herdsman/node_modules/qs

request *
Severity: moderate
Server-Side Request Forgery in Request - Server-Side Request Forgery in Request · CVE-2023-28155 · GitHub Advisory Database · GitHub
Depends on vulnerable versions of tough-cookie
fix available via npm audit fix
node_modules/request
node_modules/zigbee-herdsman-converters/node_modules/request
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/request
node_modules/zigbee-herdsman/node_modules/request

semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - semver vulnerable to Regular Expression Denial of Service · CVE-2022-25883 · GitHub Advisory Database · GitHub
semver vulnerable to Regular Expression Denial of Service - semver vulnerable to Regular Expression Denial of Service · CVE-2022-25883 · GitHub Advisory Database · GitHub
semver vulnerable to Regular Expression Denial of Service - semver vulnerable to Regular Expression Denial of Service · CVE-2022-25883 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/execa/node_modules/semver
node_modules/istanbul-lib-instrument/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/normalize-package-data/node_modules/semver
node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/@babel/core/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/execa/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/istanbul-lib-instrument/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/make-dir/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/normalize-package-data/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/@typescript-eslint/eslint-plugin/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/@typescript-eslint/typescript-estree/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/core-js-compat/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/eslint/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/istanbul-lib-instrument/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/istanbul-lib-report/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/jest-snapshot/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/node-notifier/node_modules/semver
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/semver
node_modules/zigbee-herdsman/node_modules/@typescript-eslint/eslint-plugin/node_modules/semver
node_modules/zigbee-herdsman/node_modules/@typescript-eslint/typescript-estree/node_modules/semver
node_modules/zigbee-herdsman/node_modules/core-js-compat/node_modules/semver
node_modules/zigbee-herdsman/node_modules/eslint/node_modules/semver
node_modules/zigbee-herdsman/node_modules/istanbul-lib-instrument/node_modules/semver
node_modules/zigbee-herdsman/node_modules/istanbul-lib-report/node_modules/semver
node_modules/zigbee-herdsman/node_modules/jest-snapshot/node_modules/semver
node_modules/zigbee-herdsman/node_modules/node-notifier/node_modules/semver
node_modules/zigbee-herdsman/node_modules/semver
core-js-compat 3.6.0 - 3.25.0
Depends on vulnerable versions of semver
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/core-js-compat
node_modules/zigbee-herdsman/node_modules/core-js-compat

shelljs <=0.8.4
Severity: high
Improper Privilege Management in shelljs - Improper Privilege Management in shelljs · GHSA-64g7-mvw6-v9qj · GitHub Advisory Database · GitHub
Improper Privilege Management in shelljs - Improper Privilege Management in shelljs · CVE-2022-0144 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/shelljs
node_modules/zigbee-herdsman/node_modules/shelljs

simple-get 3.0.0 - 3.1.0
Severity: high
Exposure of Sensitive Information in simple-get - Exposure of Sensitive Information in simple-get · CVE-2022-0355 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/simple-get
node_modules/zigbee-herdsman/node_modules/simple-get

tmpl <1.0.5
Severity: high
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion - tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion · CVE-2021-3777 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/tmpl
node_modules/zigbee-herdsman-converters/node_modules/tmpl
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/tmpl
node_modules/zigbee-herdsman/node_modules/tmpl

tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - tough-cookie Prototype Pollution vulnerability · CVE-2023-26136 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/request-promise-native/node_modules/tough-cookie
node_modules/request/node_modules/tough-cookie
node_modules/tough-cookie
node_modules/zigbee-herdsman-converters/node_modules/request-promise-native/node_modules/tough-cookie
node_modules/zigbee-herdsman-converters/node_modules/request/node_modules/tough-cookie
node_modules/zigbee-herdsman-converters/node_modules/tough-cookie
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/request-promise-native/node_modules/tough-cookie
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/request/node_modules/tough-cookie
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/tough-cookie
node_modules/zigbee-herdsman/node_modules/request-promise-native/node_modules/tough-cookie
node_modules/zigbee-herdsman/node_modules/request/node_modules/tough-cookie
node_modules/zigbee-herdsman/node_modules/tough-cookie
request-promise-native >=1.0.6
Depends on vulnerable versions of tough-cookie
node_modules/request-promise-native
node_modules/zigbee-herdsman-converters/node_modules/request-promise-native
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/request-promise-native
node_modules/zigbee-herdsman/node_modules/request-promise-native

word-wrap <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - word-wrap vulnerable to Regular Expression Denial of Service · CVE-2023-26115 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/word-wrap
node_modules/zigbee-herdsman-converters/node_modules/word-wrap
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/word-wrap
node_modules/zigbee-herdsman/node_modules/word-wrap

ws 7.0.0 - 7.4.5
Severity: moderate
ReDoS in Sec-Websocket-Protocol header - ReDoS in Sec-Websocket-Protocol header · CVE-2021-32640 · GitHub Advisory Database · GitHub
fix available via npm audit fix
node_modules/ws
node_modules/zigbee-herdsman-converters/node_modules/ws
node_modules/zigbee-herdsman-converters/node_modules/zigbee-herdsman/node_modules/ws
node_modules/zigbee-herdsman/node_modules/ws

38 vulnerabilities (12 moderate, 21 high, 5 critical)

To address all issues, run:
npm audit fix
root@wirenboard-AD4ALVSH:~/zigbee2mqtt# npm audit fix
npm WARN old lockfile
npm WARN old lockfile The npm-shrinkwrap.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile
[##################] | idealTree:inflate:node_modules/zigbee-herdsman/node_modules/typescript: sill inflate node_modules/zigbee-herdsman/node_modules/typescript
<--- Last few GCs --->

[25402:0x51d4978] 635261 ms: Mark-sweep 123.5 (131.3) -> 122.9 (129.3) MB, 4145.6 / 0.1 ms (average mu = 0.799, current mu = 0.378) allocation failure scavenge might not succeed
[25402:0x51d4978] 639257 ms: Mark-sweep 123.4 (129.3) -> 123.4 (130.3) MB, 3854.2 / 0.1 ms (average mu = 0.601, current mu = 0.035) allocation failure scavenge might not succeed

<--- JS stacktrace --->

FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory
Aborted
root@wirenboard-AD4ALVSH:~/zigbee2mqtt#
As I understand it, it crashed because it ran out of memory.
I did not install npm separately.

Yes, obviously. So before running it, explicitly limit the amount of memory used and/or stop unneeded resource-consuming services.

I looked with the top command at what eats memory and stopped wb-rules and wb-mqtt-serial. It did not help.
How do I limit the memory size for npm audit fix? I googled it but did not find a relevant answer (or did not understand it).

Tasks: 98 total, 1 running, 97 sleeping, 0 stopped, 0 zombie
%Cpu(s): 9.4 us, 4.0 sy, 0.0 ni, 86.0 id, 0.0 wa, 0.0 hi, 0.7 si, 0.0 st
MiB Mem : 494.9 total, 168.1 free, 135.6 used, 191.2 buff/cache
MiB Swap: 256.0 total, 255.7 free, 0.2 used. 346.9 avail Mem

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1504 root 20 0 25132 10468 5360 S 2.3 2.1 14:13.91 python3
5544 root 20 0 5464 2316 1752 R 2.0 0.5 0:00.14 top
282 message+ 20 0 6496 3104 2320 S 1.6 0.6 24:37.58 dbus-daemon
2134 root 20 0 63476 6792 3220 S 1.6 1.3 89:11.10 main
1200 root 20 0 53820 9668 7460 S 1.3 1.9 30:27.38 NetworkManager
20852 root 20 0 59916 4392 3748 S 1.3 0.9 26:53.44 wb-mqtt-adc
123 root 20 0 51580 17188 16352 S 0.7 3.4 19:46.36 systemd-journal
302 avahi 20 0 5544 2548 2068 S 0.7 0.5 8:10.21 avahi-daemon
1167 root 20 0 0 0 0 I 0.7 0.0 0:11.06 kworker/0:0-events
2373 root 20 0 60288 2572 1936 S 0.7 0.5 8:27.25 wb-mqtt-opcua
19887 root 20 0 12772 5828 4896 S 0.7 1.2 0:14.23 sshd
44 root -51 0 0 0 0 S 0.3 0.0 4:02.91 watchdogd
1604 root 20 0 9636 1932 1384 S 0.3 0.4 8:57.36 wpa_supplicant
1981 mosquit+ 20 0 10852 4276 2752 S 0.3 0.8 27:58.87 mosquitto
1 root 20 0 32224 6152 4052 S 0.0 1.2 1:06.85 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.37 kthreadd
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_wq
7 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_tasks_trace
8 root 20 0 0 0 0 S 0.0 0.0 7:13.13 ksoftirqd/0
9 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kdevtmpfs
10 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 netns
12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 oom_reaper
13 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 writeback
14 root 20 0 0 0 0 S 0.0 0.0 0:37.03 kcompactd0
42 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kblockd
43 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 blkcg_punt_bio
45 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rpciod
46 root 0 -20 0 0 0 I 0.0 0.0 0:00.05 kworker/u3:0-hci0
47 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 xprtiod
48 root 20 0 0 0 0 S 0.0 0.0 0:07.60 kswapd0
49 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 nfsiod
51 root 20 0 0 0 0 S 0.0 0.0 0:00.00 hwrng
53 root 20 0 0 0 0 S 0.0 0.0 0:00.00 spi10
89 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 sdhci
90 root -51 0 0 0 0 S 0.0 0.0 0:00.00 irq/53-mmc0
92 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 ipv6_addrconf
93 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kstrp
95 root -51 0 0 0 0 S 0.0 0.0 0:00.00 irq/36-imx_ther
96 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mmc_complete
98 root 20 0 0 0 0 S 0.0 0.0 0:04.07 jbd2/mmcblk0p2-
99 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 ext4-rsv-conver
141 root 20 0 16904 2828 1892 S 0.0 0.6 0:02.39 systemd-udevd
153 root 20 0 0 0 0 S 0.0 0.0 5:04.05 w1_bus_master1
154 root 20 0 0 0 0 S 0.0 0.0 4:55.32 w1_bus_master2
185 root 0 -20 0 0 0 I 0.0 0.0 0:00.01 kworker/u3:2-hci0
187 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 cfg80211
204 root 20 0 0 0 0 S 0.0 0.0 0:34.01 jbd2/mmcblk0p6-
205 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 ext4-rsv-conver
280 root 20 0 8992 3156 2740 S 0.0 0.6 0:00.15 bluetoothd
281 root 20 0 6792 1932 1732 S 0.0 0.4 0:01.32 cron
286 root 20 0 36056 4692 4036 S 0.0 0.9 0:07.50 polkitd
287 root 20 0 10816 3780 3152 S 0.0 0.7 0:03.79 systemd-logind
289 root 20 0 1504 964 904 S 0.0 0.2 0:00.00 sh
293 root 20 0 6548 1660 1476 S 0.0 0.3 0:00.01 wb-watch-config
303 root 20 0 9648 3324 2712 S 0.0 0.7 0:04.76 wpa_supplicant
314 avahi 20 0 5376 1196 940 S 0.0 0.2 0:00.00 avahi-daemon
319 root 20 0 1608 908 808 S 0.0 0.2 0:00.01 inotifywait
320 root 20 0 6548 1648 1464 S 0.0 0.3 0:00.01 wb-watch-config
337 root 20 0 53980 5908 4460 S 0.0 1.2 0:00.68 ModemManager
1242 root 20 0 0 0 0 S 0.0 0.0 5:54.04 RTW_CMD_THREAD

But, in general, you can simply clean out the directory and install again, paying attention to correctness and the absence of errors.

I deleted the directory and installed it again.
Although npm audit fix still crashes despite the 200 MB limit, the service started working. And that is the main thing.
Thanks, the problem is solved.
