Cru*_*der 11 braces npm jestjs react-scripts
我的react客户端文件夹中的我的NPM包给了我63个低漏洞,这些漏洞主要处理版本2.1.5的react-scripts包的jest文件夹中的大括号包.NPM审核修复不起作用,我该怎么办?
我已经尝试降级到以前版本的react-scripts,通过更新package.json,删除包锁,再次运行npm install,或运行npm update braces来更新大括号,但是在2小时的摆弄后没有任何工作.我还尝试在它工作时恢复到我的Github package.json的早期版本.我相信它在我尝试下载firebase-ui后停止工作,但我认为这与更新软件包有关,因为我删除了节点模块和npm安装多次.
这就是我干净的package.json,它搞砸了.
"webpack-dev-server": "3.1.14",
"@babel/core": "*",
"axios": "*",
"body-parser": "*",
"bootstrap": "*",
"cors": "*",
"dotenv": "*",
"draft-js": "*",
"draft-js-export-html": "*",
"errorhandler": "*",
"express": "*",
"express-session": "*",
"history": "*",
"jquery": "*",
"moment": "*",
"mongoose": "*",
"morgan": "*",
"node-sass-chokidar": "*",
"npm-run-all": "*",
"path": "*",
"query-string": "*",
"react": "*",
"react-dom": "*",
"react-loadable": "*",
"react-redux": "*",
"react-router-dom": "*",
"react-router-redux": "*",
"react-scripts": "*",
"react-validation": "*",
"reactstrap": "*",
"recharts": "*",
"redux": "*",
"redux-logger": "*",
"redux-observable": "*",
"redux-thunk": "*",
"rxjs": "*",
"rxjs-compat": "*",
"validator": "*"
这是我得到的问题:
低正则表达式拒绝服务
包括牙套
反应脚本的依赖性
Path react-scripts> jest> jest-cli> micromatch> braces
小智 15
我跑了npm install braces@2.3.1然后npm update
这仍然导致了63个漏洞,但它确实将我的大括号带到了当前版本.所以我经历并更新braces了package-lock.jsonto 中的所有引用2.3.2.然后我又跑npm update了,当我跑npm audit的时候,漏洞就消失了.
| 归档时间: |
|
| 查看次数: |
6794 次 |
| 最近记录: |