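security - Moderate severity vulnerabilities due to minimist
Problem description
I'm running into a large number of vulnerabilities. There are 583 vulnerabilities, all tied to the package minimist.
My package.json looks like this: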
{
  "name": "weather-wizard",
  "version": "0.1.0",
  "private": true,
  "proxy": "http://localhost:5000",
  "dependencies": {
    "@testing-library/jest-dom": "^4.2.4",
    "@testing-library/react": "^9.4.1",
    "@testing-library/user-event": "^7.2.1",
    "axios": "^0.19.2",
    "chart.js": "^2.9.3",
    "eslint-plugin-flowtype": "^3.13.0",
    "minimist": "^1.2.5",
    "moment": "^2.24.0",
    "node-sass": "^4.13.1",
    "react": "^16.13.0",
    "react-animated-weather": "^4.0.0",
    "react-chartjs-2": "^2.9.0",
    "react-dom": "^16.13.0",
    "react-places-autocomplete": "^7.2.1",
    "react-scripts": "3.4.0",
    "typescript": "^3.8.3"
  },
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject"
  },
  "eslintConfig": {
    "extends": "react-app"
  },
  "browserslist": {
    "production": [
      ">0.2%",
      "not dead",
      "not op_mini all"
    ],
    "development": [
      "last 1 chrome version",
      "last 1 firefox version",
      "last 1 safari version"
    ]
  }
}
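What is the best way to manage these vulnerabilities?
Solution
When you see a problem like this, you first need to check whether the GitHub repository has already been notified, and create an issue so that they can fix it as soon as possible.
They addressed it in the following issue: https://github.com/facebook/create-react-app/issues/8672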
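To know which upstream repository to check, it helps to see which direct dependency pulls in each old copy of minimist. The following is an added example, not part of the original question or answer and not code from create-react-app; it assumes a parsed package-lock.json that uses the nested `dependencies` / `requires` layout, treats 1.2.5 (the version in the question's package.json) as the assumed floor, and uses constructed sample data with hypothetical package names.

```javascript
// Compare two plain x.y.z versions (no pre-release tags).
function olderThan(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Node-style lookup: innermost node_modules first, then each parent up to the root.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    if (own(scopes[i], name)) return { node: scopes[i][name], scopes: scopes.slice(0, i + 1) };
  }
  return null;
}

// For each direct dependency, return the chain to every installed copy of
// `target` whose version is older than `fixedVersion`.
function findChains(lock, directDeps, target, fixedVersion) {
  const chains = [];
  for (const direct of directDeps) {
    const seen = new Set(); // lockfile entries already expanded for this root
    const walk = (name, scopes, trail) => {
      const hit = resolve(name, scopes);
      if (!hit || seen.has(hit.node)) return;
      seen.add(hit.node);
      const next = trail.concat(`${name}@${hit.node.version}`);
      if (name === target) {
        if (olderThan(hit.node.version, fixedVersion)) chains.push(next.join(' > '));
        return;
      }
      const inner = hit.scopes.concat([hit.node.dependencies || {}]);
      for (const req of Object.keys(hit.node.requires || {})) walk(req, inner, next);
    };
    walk(direct, [lock.dependencies || {}], []);
  }
  return chains;
}

// Constructed sample for this added example: only react-scripts 3.4.0 and
// minimist 1.2.5 come from the question; "hypothetical-*" packages do not exist.
const sampleLock = { dependencies: {
  minimist: { version: '1.2.5' },
  'react-scripts': { version: '3.4.0', requires: { 'hypothetical-cli': '^1.0.0' } },
  'hypothetical-cli': { version: '1.0.0', requires: { 'hypothetical-fs': '^0.5.1' } },
  'hypothetical-fs': { version: '0.5.1', requires: { minimist: '0.0.8' },
    dependencies: { minimist: { version: '0.0.8' } } },
} };
console.log(findChains(sampleLock, ['minimist', 'react-scripts'], 'minimist', '1.2.5'));
```

In the constructed data the top-level minimist 1.2.5 is not flagged, while the nested 0.0.8 copy is still reported through react-scripts, so the chain names the package whose repository needs the fix.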