Npm audit report says 'found 1 low severity vulnerability' karma > expand-braces > braces
The npm audit report says 'found 1 low severity vulnerability'. 1 vulnerability requires manual review.
Low Regular Expression Denial of Service
Package braces
Patched in >=2.3.1
Dependency of karma [dev]
Path karma > expand-braces > braces
More info https://nodesecurity.io/advisories/786
However, manually upgrading braces ("braces": "^2.3.2") did not resolve the issue.
Any suggestions?
Here is the content of my package.json:
{
  "name": "myapp",
  "version": "0.0.0",
  "scripts": {
    "ng": "ng",
    "start": "ng serve",
    "build": "ng build",
    "test": "ng test",
    "lint": "ng lint",
    "e2e": "ng e2e"
  },
  "private": true,
  "dependencies": {
    "@angular/animations": "^7.2.6",
    "@angular/cdk": "^7.3.3",
    "@angular/common": "~7.1.0",
    "@angular/compiler": "~7.1.0",
    "@angular/core": "~7.1.0",
    "@angular/flex-layout": "^7.0.0-beta.23",
    "@angular/forms": "~7.1.0",
    "@angular/material": "^7.3.3",
    "@angular/platform-browser": "~7.1.0",
    "@angular/platform-browser-dynamic": "~7.1.0",
    "@angular/router": "~7.1.0",
    "core-js": "^2.5.4",
    "hammerjs": "^2.0.8",
    "mat-video": "^2.6.0",
    "rxjs": "~6.3.3",
    "tslib": "^1.9.0",
    "zone.js": "~0.8.26"
  },
  "devDependencies": {
    "@angular-devkit/build-angular": "^0.13.3",
    "@angular/cli": "~7.1.4",
    "@angular/compiler-cli": "^7.2.6",
    "@angular/language-service": "~7.1.0",
    "@types/jasmine": "~2.8.8",
    "@types/jasminewd2": "~2.0.3",
    "@types/node": "~8.9.4",
    "codelyzer": "~4.5.0",
    "jasmine-core": "~2.99.1",
    "jasmine-spec-reporter": "~4.2.1",
    "karma": "^4.0.0",
    "karma-chrome-launcher": "~2.2.0",
    "karma-coverage-istanbul-reporter": "^2.0.5",
    "karma-jasmine": "~1.1.2",
    "karma-jasmine-html-reporter": "^0.2.2",
    "protractor": "~5.4.0",
    "ts-node": "~7.0.0",
    "tslint": "~5.11.0",
    "typescript": "~3.1.6"
  }
}
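The reason that updating it yourself doesn't fix the issue is that it doesn't update the dependency of the package you're using. In this case it is karma, which depends on a version of braces that has this vulnerability.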
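The situation described in the answer can be checked from the lockfile. The following is an added example, not code from the original post: it walks a lockfile with nested "dependencies" objects and reports every installed copy of braces against the "Patched in >=2.3.1" threshold from the audit output. The sample lockfile, the helper names (isBelow, findCopies) and the nested version numbers are constructed for illustration.

```javascript
// Added example (not from the original post): list every installed copy of a
// package recorded in an npm lockfile that uses nested "dependencies" objects.

// Constructed sample lockfile. The nested versions are illustrative only.
const sampleLock = {
  name: "myapp",
  dependencies: {
    braces: { version: "2.3.2" }, // copy added by editing package.json
    karma: {
      version: "4.0.0",
      dependencies: {
        "expand-braces": {
          version: "0.1.2",
          dependencies: {
            braces: { version: "0.1.5" }, // copy that expand-braces loads
          },
        },
      },
    },
  },
};

// Compare "x.y.z" strings numerically; prerelease tags are ignored (assumption).
function isBelow(version, minimum) {
  const a = version.split("-")[0].split(".").map(Number);
  const b = minimum.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Recursively collect each copy of `name` with its install path.
function findCopies(node, name, patched, path = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name) {
      hits.push({ path: here.join(" > "), version: info.version,
                  vulnerable: isBelow(info.version, patched) });
    }
    hits.push(...findCopies(info, name, patched, here));
  }
  return hits;
}

const report = findCopies(sampleLock, "braces", "2.3.1");
for (const r of report) {
  console.log(`${r.path}  ${r.version}  ${r.vulnerable ? "below 2.3.1" : "ok"}`);
}
```

To inspect a real project, load its package-lock.json in place of sampleLock; this walker assumes the nested "dependencies" layout, not the flat "packages" map used by newer lockfile versions.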