mee*_*eez 14 dependencies npm reactjs package.json
In my Azure pipeline, I get the error:
semver <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
When I add semver to the resolutions in my package.json:
"resolutions": {
"semver": "7.5.2"
}
Then I get another error in the pipeline:
npm ERR! path /my-path-to/node_modules/semver/bin/semver
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, chmod '/my-path-to/node_modules/semver/bin/semver'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent
Why do I have to do this? I know I have to update the packages, but I need to add the feature first.
When I run npm outdated I get a big list:
Package Current Wanted Latest Location Depended by
@apollo/client 3.3.19 3.7.16 3.7.16 node_modules/@apollo/client myrepo
@babel/cli 7.14.3 7.22.5 7.22.5 node_modules/@babel/cli myrepo
@babel/core 7.14.3 7.22.5 7.22.5 node_modules/@babel/core myrepo
@babel/plugin-proposal-class-properties 7.13.0 7.18.6 7.18.6 node_modules/@babel/plugin-proposal-class-properties myrepo
@babel/plugin-proposal-object-rest-spread 7.14.2 7.20.7 7.20.7 node_modules/@babel/plugin-proposal-object-rest-spread myrepo
@babel/plugin-proposal-optional-chaining 7.14.2 7.21.0 7.21.0 node_modules/@babel/plugin-proposal-optional-chaining myrepo
@babel/plugin-transform-modules-commonjs 7.14.0 7.22.5 7.22.5 node_modules/@babel/plugin-transform-modules-commonjs myrepo
@babel/plugin-transform-runtime 7.14.3 7.22.5 7.22.5 node_modules/@babel/plugin-transform-runtime myrepo
@babel/preset-env 7.14.2 7.22.5 7.22.5 node_modules/@babel/preset-env myrepo
@babel/preset-flow 7.13.13 7.22.5 7.22.5 node_modules/@babel/preset-flow myrepo
@babel/preset-react 7.13.13 7.22.5 7.22.5 node_modules/@babel/preset-react myrepo
@babel/preset-typescript 7.13.0 7.22.5 7.22.5 node_modules/@babel/preset-typescript myrepo
@babel/register 7.13.16 7.22.5 7.22.5 node_modules/@babel/register myrepo
@brainhubeu/react-carousel 1.19.26 1.19.26 2.0.4 node_modules/@brainhubeu/react-carousel myrepo
@elastic/ecs-pino-format 0.1.0 0.1.0 1.3.0 node_modules/@elastic/ecs-pino-format myrepo
@emotion/babel-plugin 11.3.0 11.11.0 11.11.0 node_modules/@emotion/babel-plugin myrepo
@emotion/babel-preset-css-prop 11.2.0 11.11.0 11.11.0 node_modules/@emotion/babel-preset-css-prop myrepo
@emotion/jest 11.9.1 11.11.0 11.11.0 node_modules/@emotion/jest myrepo
@emotion/react 11.4.0 11.11.1 11.11.1 node_modules/@emotion/react myrepo
@emotion/styled 11.3.0 11.11.0 11.11.0 node_modules/@emotion/styled myrepo
@godaddy/terminus 4.8.0 4.12.0 4.12.0 node_modules/@godaddy/terminus myrepo
@graphql-codegen/cli 2.6.2 2.16.5 4.0.1 node_modules/@graphql-codegen/cli myrepo
@graphql-codegen/fragment-matcher 1.17.8 1.17.8 5.0.0 node_modules/@graphql-codegen/fragment-matcher myrepo
@graphql-codegen/typescript 2.4.8 2.8.8 4.0.1 node_modules/@graphql-codegen/typescript myrepo
@loadable/babel-plugin 5.13.2 5.15.3 5.15.3 node_modules/@loadable/babel-plugin myrepo
@loadable/component 5.15.0 5.15.3 5.15.3 node_modules/@loadable/component myrepo
@loadable/server 5.15.0 5.15.3 5.15.3 node_modules/@loadable/server myrepo
@loadable/webpack-plugin 5.15.0 5.15.2 5.15.2 node_modules/@loadable/webpack-plugin myrepo
@material-ui/core 4.11.4 4.12.4 4.12.4 node_modules/@material-ui/core myrepo
@material-ui/lab 4.0.0-alpha.60 4.0.0-alpha.61 4.0.0-alpha.61 node_modules/@material-ui/lab myrepo
@material-ui/styles 4.11.4 4.11.5 4.11.5 node_modules/@material-ui/styles myrepo
@my-reop/conventional-changelog 2.1.0 2.1.0 2.2.0 node_modules/@my-repo/conventional-changelog myrepo
@storybook/addon-actions 6.3.4 6.5.16 7.0.23 node_modules/@storybook/addon-actions myrepo
@storybook/addon-essentials 6.3.4 6.5.16 7.0.23 node_modules/@storybook/addon-essentials myrepo
@storybook/addon-links 6.3.4 6.5.16 7.0.23 node_modules/@storybook/addon-links myrepo
@storybook/react 6.4.22 6.5.16 7.0.23 node_modules/@storybook/react myrepo
@svgr/webpack 4.3.3 4.3.3 8.0.1 node_modules/@svgr/webpack myrepo
@testing-library/jest-dom 5.12.0 5.16.5 5.16.5 node_modules/@testing-library/jest-dom myrepo
@testing-library/react 9.5.0 9.5.0 14.0.0 node_modules/@testing-library/react myrepo
@types/body-parser 1.19.0 1.19.2 1.19.2 node_modules/@types/body-parser myrepo
@types/brainhubeu__react-carousel 1.15.0 1.15.0 2.0.5 node_modules/@types/brainhubeu__react-carousel myrepo
@types/cors 2.8.10 2.8.13 2.8.13 node_modules/@types/cors myrepo
@types/dotenv 6.1.1 6.1.1 8.2.0 node_modules/@types/dotenv myrepo
@types/express 4.17.13 4.17.17 4.17.17 node_modules/@types/express myrepo
@types/http-errors 1.8.0 1.8.2 2.0.1 node_modules/@types/http-errors myrepo
@types/isomorphic-fetch 0.0.35 0.0.35 0.0.36 node_modules/@types/isomorphic-fetch myrepo
@types/jest 27.0.0 27.5.2 29.5.2 node_modules/@types/jest myrepo
@types/loadable__component 5.13.3 5.13.4 5.13.4 node_modules/@types/loadable__component myrepo
@types/loadable__server 5.12.5 5.12.6 5.12.6 node_modules/@types/loadable__server myrepo
@types/lodash 4.14.169 4.14.195 4.14.195 node_modules/@types/lodash myrepo
@types/node 12.20.13 12.20.55 20.3.1 node_modules/@types/node myrepo
@types/pino 6.3.8 6.3.12 7.0.5 node_modules/@types/pino myrepo
@types/pino-http 5.4.1 5.8.1 5.8.1 node_modules/@types/pino-http myrepo
@types/react 17.0.6 17.0.62 18.2.13 node_modules/@types/react myrepo
@types/react-dom 17.0.5 17.0.20 18.2.6 node_modules/@types/react-dom myrepo
@types/react-lazyload 3.1.0 3.2.0 3.2.0 node_modules/@types/react-lazyload myrepo
@types/react-router 5.1.14 5.1.20 5.1.20 node_modules/@types/react-router myrepo
@types/react-router-config 5.0.2 5.0.7 5.0.7 node_modules/@types/react-router-config myrepo
@types/recompose 0.30.7 0.30.10 0.30.10 node_modules/@types/recompose myrepo
@types/serialize-javascript 5.0.1 5.0.2 5.0.2 node_modules/@types/serialize-javascript myrepo
@types/storybook__react 4.0.2 4.0.2 5.2.1 node_modules/@types/storybook__react myrepo
@types/storybook-addon-jsx 5.4.3 5.4.3 7.0.4 node_modules/@types/storybook-addon-jsx myrepo
@types/webpack-env 1.16.0 1.18.1 1.18.1 node_modules/@types/webpack-env myrepo
@types/yup 0.26.37 0.26.37 0.32.0 node_modules/@types/yup myrepo
@typescript-eslint/parser 2.34.0 2.34.0 5.60.0 node_modules/@typescript-eslint/parser myrepo
babel-jest 25.5.1 25.5.1 29.5.0 node_modules/babel-jest myrepo
babel-loader 8.2.2 8.3.0 9.1.2 node_modules/babel-loader myrepo
babel-plugin-macros 2.8.0 2.8.0 3.1.0 node_modules/babel-plugin-macros myrepo
babel-plugin-named-asset-import 0.3.7 0.3.8 0.3.8 node_modules/babel-plugin-named-asset-import myrepo
body-parser 1.20.0 1.20.2 1.20.2 node_modules/body-parser myrepo
chalk 2.4.2 2.4.2 5.2.0 node_modules/chalk myrepo
core-js 3.12.1 3.31.0 3.31.0 node_modules/core-js myrepo
cross-env 5.2.1 5.2.1 7.0.3 node_modules/cross-env myrepo
crypto-hash 1.3.0 1.3.0 2.0.1 node_modules/crypto-hash myrepo
css-loader 3.6.0 3.6.0 6.8.1 node_modules/css-loader myrepo
cypress 7.3.0 7.7.0 12.15.0 node_modules/cypress myrepo
cypress-cucumber-preprocessor 4.1.0 4.3.1 4.3.1 node_modules/cypress-cucumber-preprocessor myrepo
date-fns 2.21.3 2.30.0 2.30.0 node_modules/date-fns myrepo
dotenv 8.6.0 8.6.0 16.3.1 node_modules/dotenv myrepo
eslint-loader 3.0.4 3.0.4 4.0.2 node_modules/eslint-loader myrepo
express 4.18.1 4.18.2 4.18.2 node_modules/express myrepo
file-loader 4.3.0 4.3.0 6.2.0 node_modules/file-loader myrepo
formik 2.2.7 2.4.2 2.4.2 node_modules/formik myrepo
graphql 14.7.0 14.7.0 16.7.1 node_modules/graphql myrepo
history 4.10.1 4.10.1 5.3.0 node_modules/history myrepo
hpropagate 0.0.7 0.0.7 1.0.1 node_modules/hpropagate myrepo
html-react-parser 1.4.14 1.4.14 4.0.0 node_modules/html-react-parser myrepo
html-webpack-plugin 3.2.0 3.2.0 5.5.3 node_modules/html-webpack-plugin myrepo
http-errors 1.8.0 1.8.1 2.0.0 node_modules/http-errors myrepo
husky 3.1.0 3.1.0 8.0.3 node_modules/husky myrepo
is-mobile 2.2.2 2.2.2 4.0.0 node_modules/is-mobile myrepo
jest 25.5.4 25.5.4 29.5.0 node_modules/jest myrepo
jest-junit 8.0.0 8.0.0 16.0.0 node_modules/jest-junit myrepo
jsdom 15.1.1 15.1.1 22.1.0 node_modules/jsdom myrepo
lint-staged 9.5.0 9.5.0 13.2.2 node_modules/lint-staged myrepo
mini-css-extract-plugin 0.8.2 0.8.2 2.7.6 node_modules/mini-css-extract-plugin myrepo
nanoid 3.2.0 3.3.6 4.0.2 node_modules/nanoid myrepo
nodemon 2.0.7 2.0.22 2.0.22 node_modules/nodemon myrepo
pino 6.11.3 6.14.0 8.14.1 node_modules/pino myrepo
pino-http 5.5.0 5.8.0 8.3.3 node_modules/pino-http myrepo
pino-pretty 4.8.0 4.8.0 10.0.0 node_modules/pino-pretty myrepo
prettier 1.19.1 1.19.1 2.8.8 node_modules/prettier myrepo
puppeteer 1.20.0 1.20.0 20.7.3 node_modules/puppeteer myrepo
query-string 7.0.0 7.1.3 8.1.0 node_modules/query-string myrepo
react 17.0.2 17.0.2 18.2.0 node_modules/react myrepo
react-cookie 4.0.3 4.1.1 4.1.1 node_modules/react-cookie myrepo
react-dev-utils 11.0.4 11.0.4 12.0.1 node_modules/react-dev-utils myrepo
react-dom 17.0.2 17.0.2 18.2.0 node_modules/react-dom myrepo
react-helmet-async 1.0.9 1.3.0 1.3.0 node_modules/react-helmet-async myrepo
react-router 5.2.0 5.3.4 6.13.0 node_modules/react-router myrepo
react-router-dom 5.2.0 5.3.4 6.13.0 node_modules/react-router-dom myrepo
react-twitter-widgets 1.10.0 1.11.0 1.11.0 node_modules/react-twitter-widgets myrepo
regenerator-runtime 0.13.7 0.13.11 0.13.11 node_modules/regenerator-runtime myrepo
rimraf 3.0.2 3.0.2 5.0.1 node_modules/rimraf myrepo
serialize-javascript 6.0.0 6.0.1 6.0.1 node_modules/serialize-javascript myrepo
source-map-explorer 2.5.2 2.5.3 2.5.3 node_modules/source-map-explorer myrepo
start-server-and-test 1.12.2 1.15.4 2.0.0 node_modules/start-server-and-test myrepo
swiper 6.8.4 6.8.4 9.4.1 node_modules/swiper myrepo
terser-webpack-plugin 1.4.5 1.4.5 5.3.9 node_modules/terser-webpack-plugin myrepo
typescript 3.9.10 3.9.10 5.1.3 node_modules/typescript myrepo
url-loader 2.3.0 2.3.0 4.1.1 node_modules/url-loader myrepo
webpack 4.46.0 4.46.0 5.88.0 node_modules/webpack myrepo
webpack-cli 3.3.12 3.3.12 5.1.4 node_modules/webpack-cli myrepo
webpack-dev-server 3.11.3 3.11.3 4.15.1 node_modules/webpack-
小智 26
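Yes, there is a security vulnerability in semver; more information can be found here.
This issue has been fixed in semver version ^7.5.3. To make your application use that version, you can add an override to package.json.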
"overrides": {
"semver": "^7.5.3"
}
After adding it, just run npm i in the terminal and the problem will be resolved.
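An added example (not part of the answer above, and not npm's own code): after adding the override and running npm i, this Node.js script checks whether any copy of semver recorded in package-lock.json is still below the version the audit flagged. It assumes the lockfileVersion 2/3 "packages" map; the sample lockfile is constructed and the function names are hypothetical.

```javascript
// Added example: audit a package-lock.json ("packages" map, lockfileVersion 2/3)
// for semver copies older than the version named in the audit output.
const FIXED = "7.5.2"; // threshold taken from the audit line on this page: "semver <7.5.2"

// Parse "x.y.z" into numbers; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version a sorts before version b.
function isBelow(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Return every installed copy of `name` in the lockfile that is below `fixed`.
// Nested copies (node_modules/a/node_modules/semver) are matched as well;
// look-alike names such as semver-diff are not.
function findVulnerable(lock, name, fixed) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .filter(([, meta]) => isBelow(meta.version, fixed))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile: one hoisted copy and two nested copies.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "myrepo" },
    "node_modules/semver": { version: "7.5.3" },
    "node_modules/@babel/core/node_modules/semver": { version: "6.3.0" },
    "node_modules/nodemon/node_modules/semver": { version: "5.7.1" },
    "node_modules/semver-diff": { version: "3.1.1" },
  },
};

console.log(findVulnerable(sampleLock, "semver", FIXED));
```

To check a real project, pass the parsed contents of its package-lock.json instead of sampleLock; an empty result means every resolved copy is at or above the threshold.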
小智 3
It looks like there is a moderate vulnerability related to semver. I have the same problem as you.
https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
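Semver itself was updated to 7.5.3 yesterday:
Anyway, by looking at the logs in the pipeline, I found my problem. So updating to target version 34 worked for me.
Execution failed for task ':app:checkReleaseAarMetadata'.
A failure occurred while executing com.android.build.gradle.internal.tasks.CheckAarMetadataWorkAction
Issues found when checking AAR metadata: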
1. Dependency 'androidx.browser:browser:1.6.0-beta01' requires libraries and applications that
depend on it to compile against version 34 or later of the
Android APIs.
:app is currently compiled against android-33.
Also, the maximum recommended compile SDK version for Android Gradle
plugin 7.3.1 is 33.
Recommended action: Update this project's version of the Android Gradle
plugin to one that supports 34, then update this project to use
compileSdkVerion of at least 34.
Note that updating a library or application's compileSdkVersion (which
allows newer APIs to be used) can be done separately from updating
targetSdkVersion (which opts the app in to new runtime behavior) and
minSdkVersion (which determines which devices the app can be installed
on).
(Note: because of my low reputation, I can't add comments yet :))
Views: 12826