提问人:Lefeldiman 提问时间:11/14/2023 更新时间:11/14/2023 访问量:71
npm install 漏洞 node_modules
npm install vulnerabilities node_modules
问:
我尝试更新这些存在漏洞的软件包:css-select、svgo、@svgr/plugin-svgo、@svgr/webpack、postcss、resolve-url-loader。但这又依赖于 react-scripts 3.0.1,而我用的已经是 5.0.1,还有什么办法吗?
$ npm audit
# npm audit report
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/@svgr/plugin-svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/@svgr/plugin-svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/@svgr/plugin-svgo/node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of resolve-url-loader
node_modules/react-scripts
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
resolve-url-loader 0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/resolve-url-loader
**8 vulnerabilities (2 moderate, 6 high)**
To address all issues (including breaking changes), run:
npm audit fix --force
我的package.json
{
"name": "mYproject",
"version": "1.0.0",
"homepage": "https://myproject.cc",
"private": true,
"dependencies": {
"-": "^0.0.1",
"@babel/plugin-syntax-flow": "^7.14.5",
"@babel/plugin-transform-react-jsx": "^7.14.9",
"@emotion/react": "^11.11.1",
"@emotion/styled": "^11.11.0",
"@mui/icons-material": "^5.14.16",
"@mui/material": "^5.14.17",
"@mui/styles": "^5.14.17",
"@mui/system": "5.14.11",
"@mui/x-date-pickers": "^6.18.1",
"@popperjs/core": "^2.11.8",
"@rollup/plugin-terser": "^0.4.4",
"ajv": "^8.12.0",
"ajv-keywords": "^5.1.0",
"apexcharts": "^3.44.0",
"axios": "^1.6.1",
"base-64": "^1.0.0",
"bootstrap": "^5.3.2",
"crypto-browserify": "^3.12.0",
"crypto-js": "^4.2.0",
"dayjs": "^1.11.10",
"eslint": "^8.53.0",
"filesize": "^10.1.0",
"firebase": "^10.6.0",
"fork-ts-checker-webpack-plugin": "^9.0.2",
"helmet": "^7.1.0",
"history": "^5.3.0",
"hoist-non-react-statics": "^3.3.2",
"http-browserify": "^1.7.0",
"https-browserify": "^1.0.0",
"jquery": "^3.7.1",
"jwt-decode": "^4.0.0",
"lodash": "^4.17.21",
"moment": "^2.29.4",
"node-polyfill-webpack-plugin": "^2.0.1",
"npm": "^10.2.3",
"nth-check": "^2.1.1",
"postcss": "^8.4.31",
"react": "^17.0.2",
"react-apexcharts": "^1.4.1",
"react-bootstrap": "^2.9.1",
"react-calendar": "^4.6.1",
"react-cookie-consent": "^9.0.0",
"react-datepicker": "^4.21.0",
"react-dom": "^17.0.2",
"react-dropzone": "^14.2.3",
"react-google-recaptcha": "^3.1.0",
"react-paginate": "^8.2.0",
"react-phone-number-input": "^3.3.7",
"react-redux": "^8.1.3",
"react-router-dom": "^6.18.0",
"react-scripts": "^5.0.1",
"react-toastify": "^9.1.3",
"reactjs-social-login": "^2.6.3",
"reactstrap": "^9.2.1",
"redux": "^4.2.1",
"redux-thunk": "^2.4.2",
"sendpulse-api": "^1.1.6",
"svgo": "^3.0.2",
"terser-webpack-plugin": "^5.3.9",
"web-vitals": "^3.5.0",
"webpack": "5.88.2",
"workbox-background-sync": "^6.6.0",
"workbox-build": "^7.0.0",
"workbox-core": "^7.0.0",
"workbox-expiration": "^7.0.0",
"workbox-precaching": "^7.0.0",
"workbox-range-requests": "^7.0.0",
"workbox-routing": "^7.0.0",
"workbox-strategies": "^7.0.0",
"workbox-webpack-plugin": "7.0.0",
"workbox-window": "^7.0.0"
},
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"test": "react-scripts test",
"eject": "react-scripts eject",
"webpack": "webpack --config webpack.config.js"
},
"eslintConfig": {
"extends": [
"react-app",
"react-app/jest"
]
},
"browser": {
"crypto": false,
"stream": false,
"fs": false,
"path": false,
"os": false,
"http": false
},
"browserslist": {
"production": [
">0.2%",
"not dead",
"not op_mini all"
],
"development": [
"last 1 chrome version",
"last 1 firefox version",
"last 1 safari version"
]
},
"devDependencies": {
"@babel/core": "^7.23.3",
"@babel/plugin-proposal-private-property-in-object": "^7.15.0",
"@babel/plugin-transform-class-properties": "^7.23.3",
"@babel/plugin-transform-nullish-coalescing-operator": "^7.23.3",
"@babel/plugin-transform-numeric-separator": "^7.23.3",
"@babel/plugin-transform-optional-chaining": "^7.23.3",
"@babel/plugin-transform-private-methods": "^7.23.3",
"@babel/plugin-transform-private-property-in-object": "^7.23.3",
"@jridgewell/sourcemap-codec": "^1.4.15",
"babel-loader": "^9.1.3",
"eslint-plugin-react-hooks": "^4.6.0",
"ts-loader": "^9.5.0",
"typescript": "^4.8.4",
"webpack-cli": "^5.1.4"
},
"webpack": [
"webpack --config webpack.config.js"
]
}
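我试过更新软件包,并运行了以下命令:
npm install postcss@latest
npm install nth-check@latest
(注:审计报告列出的路径是嵌套在 node_modules/@svgr/plugin-svgo/node_modules 和 node_modules/resolve-url-loader/node_modules 下的副本,在顶层安装新版本不会替换这些嵌套副本。)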
答: 暂无答案