"3 low severity vulnerabilities" when running npm update #9327

Closed
Mark2M opened this issue Oct 18, 2023 · 3 comments

Comments

Mark2M commented Oct 18, 2023

Describe the bug

When I run npm update I get some issues. First I get this warning repeatedly:

```
(node:1126) MaxListenersExceededWarning: Possible EventEmitter memory leak detected. 11 close listeners added to [TLSSocket]. Use emitter.setMaxListeners() to increase limit
```

Then I get a warning about 3 low severity vulnerabilities. Then if I try "npm audit fix --force" I get the following error:

```
npm WARN audit Updating @sveltejs/kit to 0.0.30, which is a SemVer major change.
npm WARN audit Updating @sveltejs/adapter-auto to 0.0.1, which is a SemVer major change.
npm ERR! code EUNSUPPORTEDPROTOCOL
npm ERR! Unsupported URL Type "workspace:": workspace:*
```

This has been going on for maybe a month, and a while back I was getting a warning about "semver" so I added an override to package.json. This cured the original warning. I've tried updating with and without the override but nothing seems to help.

This is my package.json:

```json
{
	"name": "template-42",
	"version": "0.0.1",
	"private": true,
	"scripts": {
		"dev": "vite dev",
		"build": "vite build",
		"preview": "vite preview",
		"test": "playwright test",
		"check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
		"check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
		"test:unit": "vitest"
	},
	"devDependencies": {
		"@playwright/test": "^1.28.1",
		"@sveltejs/adapter-auto": "^2.0.0",
		"@sveltejs/kit": "^1.5.0",
		"@types/cookie": "^0.5.1",
		"postcss-nesting": "^11.3.0",
		"svelte": "^4.0.5",
		"svelte-check": "^3.0.1",
		"tslib": "^2.4.1",
		"typescript": "^5.1.3",
		"vite": "^4.2.0",
		"vitest": "^0.25.3"
	},
	"dependencies": {
		"bcrypt": "^5.0.1",
		"dayjs": "^1.11.7",
		"jsonwebtoken": "^9.0.0",
		"marked": "^4.2.12",
		"mongoose": "^7.1.0",
		"sanitize-html": "^2.10.0"
	},
	"overrides": {
		"semver": "~7.5.2"
	},
	"postcss": {
		"plugins": {
			"postcss-nesting": {}
		}
	},
	"type": "module"
}
```

And this is my svelte.config.js:

```javascript
import adapter from '@sveltejs/adapter-auto';
import { vitePreprocess } from '@sveltejs/kit/vite';

/** @type {import('@sveltejs/kit').Config} */
const config = {
	// Consult https://kit.svelte.dev/docs/integrations#preprocessors
	// for more information about preprocessors
	preprocess: vitePreprocess(),

	kit: {
		// adapter-auto only supports some environments, see https://kit.svelte.dev/docs/adapter-auto for a list.
		// If your environment is not supported or you settled on a specific environment, switch out the adapter.
		// See https://kit.svelte.dev/docs/adapters for more information about adapters.
		//
		// MH 20230803 added "{polyfill: false}" below:
		adapter: adapter({polyfill: false}),
		alias: {
			$routes: 'src/routes',
			$stores: 'src/stores',
			$lib: 'src/lib',
			$db: 'src/lib/db',
			$src: 'src',
			$static: 'static',
		},
	},
	vitePlugin: {
		inspector: true,
	}
};

export default config;
```

I'm fairly new to node etc. and have no idea where to look. Searching DuckDuckGo and Git hasn't produced anything useful.

Is this something that's likely to go away in a future update or should I be worried?

I also tried deleting the node modules and sveltekit folders but that made no difference. I'm on an up to date Mac and have also tried it on an up to date Windows 10 box but got the same issues.

Any advice would be much appreciated.

Thanks

Mark

Reproduction

NA

Logs

The npm log is too long to post...

System Info

Processor: 2.4 GHz 8-Core Intel Core i9

Graphics: Radeon Pro 560X 4 GB, Intel UHD Graphics 630 1536 MB

Memory: 32 GB 2400 MHz DDR4

MacOS: Sonoma 14.0 (23A344)

Severity

annoyance

Mark2M commented Oct 19, 2023

This issue went away today. npm update is no longer reporting vulnerabilities

@dummdidumm
Member

SvelteKit has a new version which likely contains the updated dependencies which fix these vulnerabilities - closing.

Mark2M commented Oct 19, 2023

Excellent, thank you
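
The forced fix quoted in the opening post would move `@sveltejs/kit` from the declared `^1.5.0` to 0.0.30, which is a downgrade that npm reports only as "a SemVer major change". As an added example (not code from this thread or from SvelteKit), the Node.js script below classifies the `fixAvailable` entries of an `npm audit --json` report against the declared ranges before `--force` is run; the report contents and the `example-dep-*` package names are constructed.

```javascript
// Added example: classify what `npm audit fix --force` would install.
// SAMPLE_AUDIT is constructed, shaped like `npm audit --json` (report v2);
// the example-dep-* names are hypothetical.
const SAMPLE_AUDIT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-dep-a': { severity: 'low', isDirect: false,
      fixAvailable: { name: '@sveltejs/kit', version: '0.0.30', isSemVerMajor: true } },
    'example-dep-b': { severity: 'low', isDirect: false,
      fixAvailable: { name: '@sveltejs/adapter-auto', version: '0.0.1', isSemVerMajor: true } },
    'example-dep-c': { severity: 'low', isDirect: false, fixAvailable: true },
  },
};
// Declared ranges copied from the package.json in the opening post.
const DECLARED = { '@sveltejs/kit': '^1.5.0', '@sveltejs/adapter-auto': '^2.0.0' };

// Extract [major, minor, patch]; range operators and pre-release tags are ignored.
function parseVersion(spec) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(spec);
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns one record per fix that needs --force, with a verdict:
// 'downgrade', 'major-upgrade', 'compatible' or 'unknown' (package not declared).
function classifyFixes(audit, declared) {
  const out = [];
  for (const [via, vuln] of Object.entries(audit.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    if (!fix || fix === true) continue; // no fix, or fixable without --force
    const target = parseVersion(fix.version);
    const floor = declared[fix.name] ? parseVersion(declared[fix.name]) : null;
    let verdict = 'unknown';
    if (target && floor) {
      verdict = compare(target, floor) < 0 ? 'downgrade'
        : fix.isSemVerMajor ? 'major-upgrade' : 'compatible';
    }
    out.push({ via, name: fix.name, to: fix.version, declared: declared[fix.name] || null, verdict });
  }
  return out;
}

for (const f of classifyFixes(SAMPLE_AUDIT, DECLARED)) {
  console.log(`${f.name}: ${f.declared} -> ${f.to} [${f.verdict}] (via ${f.via})`);
}
```

On a real project, replace `SAMPLE_AUDIT` with the parsed output of `npm audit --json` and `DECLARED` with the merged `dependencies` and `devDependencies` of `package.json`.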
