javascript - 有没有办法修复 react 项目中的 browserslist 和 glob-parent 漏洞?
问题描述
对不起,这可能是我的第三个问题。我正在使用 react 和 node.js 在 Edx 上进行 Web 开发课程,我发现我使用的所有应用程序npx create-react-app <app_name>都有 10 个与 glob-parent 依赖和 browserslist 依赖相关的漏洞。
我尝试了在网上找到的几种解决方案,但似乎没有任何效果。那么,谁能指出我正确的方向或就如何解决这些问题给我一些建议。
这是来自x的结果的副本npm audit
browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1747
fix available via `npm audit fix --force`
Will install react-scripts@1.1.5, which is a breaking change
node_modules/react-dev-utils/node_modules/browserslist
react-dev-utils 6.0.0-next.03604a46 - 12.0.0-next.37
Depends on vulnerable versions of browserslist
node_modules/react-dev-utils
react-scripts 0.10.0-alpha.328cb32e - 5.0.0-next.37
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
glob-parent <5.1.2
Severity: moderate
Regular expression denial of service - https://npmjs.com/advisories/1751
fix available via `npm audit fix --force`
Will install react-scripts@1.1.5, which is a breaking change
node_modules/watchpack-chokidar2/node_modules/glob-parent
node_modules/webpack-dev-server/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
node_modules/webpack-dev-server/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/webpack
react-scripts 0.10.0-alpha.328cb32e - 5.0.0-next.37
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
webpack-dev-server 2.0.0-beta - 3.11.2
Depends on vulnerable versions of chokidar
node_modules/webpack-dev-server
@pmmmwh/react-refresh-webpack-plugin 0.3.1 - 0.5.0-rc.6
Depends on vulnerable versions of webpack-dev-server
node_modules/@pmmmwh/react-refresh-webpack-plugin
10 moderate severity vulnerabilities
我什至试图强制修复npm audit fix --force它并不能解决这些问题。
我已经检查了 browserslist 和 glob-parent ,它们都是最新版本。
先感谢您。
解决方案
推荐阅读
- c++ - 可以在没有 va_* 的情况下使用省略号吗?
- html - 使常规按钮看起来像松弛
- node.js - 如果没有互联网连接,“ionic3”会失败
- php - 你能帮我解决这个foreach循环吗?
- amazon-web-services - 创建 LB 侦听器时出现 CertificateNotfound 错误
- azure - 将 Angular-CLI 6 ASP.Core 应用程序发布到 Azure
- git - 如何确保在受限分支上对 BitBucket 拉取请求 No-FF 策略进行 1 次合并提交?
- php - 使用带有计数的选择子查询的错误mysql查询
- php - 如何将对象放入字符串并打印
- python - 正则表达式命名方案python