由于 minimist 导致的中等严重性漏洞
Moderate severity vulnerabilities due to minimist
我 运行 遇到了大量漏洞。有 583 个漏洞都与包 minimist
有关
我的package.json是这样的:
{
"name": "weather-wizard",
"version": "0.1.0",
"private": true,
"proxy": "http://localhost:5000",
"dependencies": {
"@testing-library/jest-dom": "^4.2.4",
"@testing-library/react": "^9.4.1",
"@testing-library/user-event": "^7.2.1",
"axios": "^0.19.2",
"chart.js": "^2.9.3",
"eslint-plugin-flowtype": "^3.13.0",
"minimist": "^1.2.5",
"moment": "^2.24.0",
"node-sass": "^4.13.1",
"react": "^16.13.0",
"react-animated-weather": "^4.0.0",
"react-chartjs-2": "^2.9.0",
"react-dom": "^16.13.0",
"react-places-autocomplete": "^7.2.1",
"react-scripts": "3.4.0",
"typescript": "^3.8.3"
},
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"test": "react-scripts test",
"eject": "react-scripts eject"
},
"eslintConfig": {
"extends": "react-app"
},
"browserslist": {
"production": [
">0.2%",
"not dead",
"not op_mini all"
],
"development": [
"last 1 chrome version",
"last 1 firefox version",
"last 1 safari version"
]
}
}
管理这些漏洞的最佳方法是什么?
当您看到此类问题时,您需要先检查 github 存储库是否已通知他们并创建问题以便他们尽快解决。
他们正在处理以下问题:https://github.com/facebook/create-react-app/issues/8672
解法:
对于 npm 用户:
npm install minimist --save-dev
例如:(最小版本:1.2.5)
将与依赖键相邻的解析键添加到 package.json 文件
{
"resolutions": {
"minimist": "^1.2.5"
}
}
在脚本键中添加以下行到 package.json
示例:
"scripts": {
"preinstall": "npx npm-force-resolutions"
}
删除node_modules,然后运行命令:npm install.
虽然 npm audit fix 修复了依赖关系
我 运行 遇到了大量漏洞。有 583 个漏洞都与包 minimist
有关我的package.json是这样的:
{
"name": "weather-wizard",
"version": "0.1.0",
"private": true,
"proxy": "http://localhost:5000",
"dependencies": {
"@testing-library/jest-dom": "^4.2.4",
"@testing-library/react": "^9.4.1",
"@testing-library/user-event": "^7.2.1",
"axios": "^0.19.2",
"chart.js": "^2.9.3",
"eslint-plugin-flowtype": "^3.13.0",
"minimist": "^1.2.5",
"moment": "^2.24.0",
"node-sass": "^4.13.1",
"react": "^16.13.0",
"react-animated-weather": "^4.0.0",
"react-chartjs-2": "^2.9.0",
"react-dom": "^16.13.0",
"react-places-autocomplete": "^7.2.1",
"react-scripts": "3.4.0",
"typescript": "^3.8.3"
},
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"test": "react-scripts test",
"eject": "react-scripts eject"
},
"eslintConfig": {
"extends": "react-app"
},
"browserslist": {
"production": [
">0.2%",
"not dead",
"not op_mini all"
],
"development": [
"last 1 chrome version",
"last 1 firefox version",
"last 1 safari version"
]
}
}
管理这些漏洞的最佳方法是什么?
当您看到此类问题时,您需要先检查 github 存储库是否已通知他们并创建问题以便他们尽快解决。
他们正在处理以下问题:https://github.com/facebook/create-react-app/issues/8672
解法: 对于 npm 用户:
npm install minimist --save-dev 例如:(最小版本:1.2.5)
将与依赖键相邻的解析键添加到 package.json 文件
{
"resolutions": {
"minimist": "^1.2.5"
}
}
在脚本键中添加以下行到 package.json 示例:
"scripts": {
"preinstall": "npx npm-force-resolutions"
}
删除node_modules,然后运行命令:npm install.
虽然 npm audit fix 修复了依赖关系