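October 11, 2021 20:47 #17802
황정후 (Participant)
When I install something with npm, I occasionally get errors, and those errors have now piled up to
58 vulnerabilities (16 moderate, 40 high, 2 critical)
which is quite a lot.
I tried to resolve all of them with audit fix --force, but no matter how many times I repeat it, the number doesn't seem to go down any further, so I think I'll have to do it manually.
I'd like to handle them manually, but how should I update them one by one..?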
""
PS C:\Users\H\Desktop\RABI\rabi> npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating react-scripts to 4.0.3,which is a SemVer major change.
npm WARN ERESOLVE overriding peer dependency
npm WARN Found: @babel/core@7.12.3
npm WARN node_modules/@babel/core
npm WARN peer @babel/core@"^7.0.0" from babel-loader@8.1.0
npm WARN node_modules/babel-loader
npm WARN babel-loader@"8.1.0" from react-scripts@4.0.3
npm WARN node_modules/react-scripts
npm WARN 10 more (babel-plugin-named-asset-import, react-scripts, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.15.4
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.15.4" from @babel/preset-env@7.15.8
npm WARN node_modules/@babel/preset-env
npm WARN ERESOLVE overriding peer dependency
npm WARN Found: @babel/core@7.12.3
npm WARN node_modules/@babel/core
npm WARN peer @babel/core@"^7.0.0" from babel-loader@8.1.0
npm WARN node_modules/babel-loader
npm WARN babel-loader@"8.1.0" from react-scripts@4.0.3
npm WARN node_modules/react-scripts
npm WARN 10 more (babel-plugin-named-asset-import, react-scripts, ...)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer @babel/core@"^7.13.0" from @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.15.4
npm WARN node_modules/@babel/preset-env/node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining
npm WARN @babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@"^7.15.4" from @babel/preset-env@7.15.8
npm WARN node_modules/@babel/preset-env
npm WARN deprecated querystring@0.2.1: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated rollup-plugin-babel@4.4.0: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
added 347 packages, removed 482 packages, changed 182 packages, and audited 1924 packages in 60s
162 packages are looking for funding
run npm fund for details
# npm audit report
ansi-html *
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via npm audit fix --force
Will install react-scripts@3.4.4, which is a breaking change
node_modules/ansi-html
@pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of webpack-dev-server
node_modules/@pmmmwh/react-refresh-webpack-plugin
react-scripts >=0.10.0-alpha.328cb32e
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
webpack-dev-server 2.0.0-beta - 4.1.0
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via npm audit fix --force
Will install react-scripts@3.4.4, which is a breaking change
node_modules/webpack-dev-server/node_modules/cliui/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/string-width/node_modules/ansi-regex
node_modules/webpack-dev-server/node_modules/wrap-ansi/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/webpack-dev-server/node_modules/cliui/node_modules/strip-ansi
node_modules/webpack-dev-server/node_modules/string-width/node_modules/strip-ansi
node_modules/webpack-dev-server/node_modules/wrap-ansi/node_modules/strip-ansi
cliui 4.0.0 - 5.0.0
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of wrap-ansi
node_modules/webpack-dev-server/node_modules/cliui
yargs 10.1.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of string-width
node_modules/webpack-dev-server/node_modules/yargs
webpack-dev-server 2.0.0-beta - 4.1.0
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of webpack-dev-server
node_modules/@pmmmwh/react-refresh-webpack-plugin
react-scripts >=0.10.0-alpha.328cb32e
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/webpack-dev-server/node_modules/string-width
wrap-ansi 3.0.0 - 6.1.0
Depends on vulnerable versions of string-width
Depends on vulnerable versions of strip-ansi
node_modules/webpack-dev-server/node_modules/wrap-ansi
browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via npm audit fix --force
Will install react-scripts@3.4.4, which is a breaking change
node_modules/react-dev-utils/node_modules/browserslist
react-dev-utils 6.0.0-next.03604a46 - 12.0.0-next.37
Depends on vulnerable versions of browserslist
Depends on vulnerable versions of fork-ts-checker-webpack-plugin
Depends on vulnerable versions of immer
node_modules/react-dev-utils
react-scripts >=0.10.0-alpha.328cb32e
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via npm audit fix --force
Will install react-scripts@3.4.4, which is a breaking change
node_modules/watchpack-chokidar2/node_modules/glob-parent
node_modules/webpack-dev-server/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of braces
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of readdirp
node_modules/watchpack-chokidar2/node_modules/chokidar
node_modules/webpack-dev-server/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of watchpack
node_modules/webpack
react-scripts >=0.10.0-alpha.328cb32e
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
webpack-dev-server 2.0.0-beta - 4.1.0
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of webpack-dev-server
node_modules/@pmmmwh/react-refresh-webpack-plugin
immer <9.0.6
Severity: critical
Prototype Pollution in immer - https://github.com/advisories/GHSA-33f9-j839-rf8h
fix available via npm audit fix --force
Will install react-scripts@3.4.4, which is a breaking change
node_modules/immer
react-dev-utils 6.0.0-next.03604a46 - 12.0.0-next.37
Depends on vulnerable versions of browserslist
Depends on vulnerable versions of fork-ts-checker-webpack-plugin
Depends on vulnerable versions of immer
node_modules/react-dev-utils
react-scripts >=0.10.0-alpha.328cb32e
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via npm audit fix --force
Will install react-scripts@3.4.4, which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=0.10.0-alpha.328cb32e
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of postcss-svgo
node_modules/cssnano-preset-default
cssnano 4.0.0-nightly.2020.1.9 - 4.1.11
Depends on vulnerable versions of cssnano-preset-default
node_modules/cssnano
optimize-css-assets-webpack-plugin 3.2.1 || 5.0.0 - 5.0.8
Depends on vulnerable versions of cssnano
node_modules/optimize-css-assets-webpack-plugin
set-value <4.0.1
Severity: high
Prototype Pollution in set-value - https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
fix available via npm audit fix --force
Will install react-scripts@3.4.4, which is a breaking change
node_modules/set-value
cache-base >=0.7.0
Depends on vulnerable versions of set-value
Depends on vulnerable versions of union-value
node_modules/cache-base
base >=0.7.0
Depends on vulnerable versions of cache-base
node_modules/base
snapdragon 0.6.0 - 0.10.1
Depends on vulnerable versions of base
node_modules/snapdragon
braces 2.0.0 - 2.3.2
Depends on vulnerable versions of snapdragon
node_modules/fork-ts-checker-webpack-plugin/node_modules/braces
node_modules/http-proxy-middleware/node_modules/braces
node_modules/sane/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
node_modules/webpack-dev-server/node_modules/braces
node_modules/webpack/node_modules/braces
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of braces
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of readdirp
node_modules/watchpack-chokidar2/node_modules/chokidar
node_modules/webpack-dev-server/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of watchpack
node_modules/webpack
react-scripts >=0.10.0-alpha.328cb32e
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of babel-jest
Depends on vulnerable versions of optimize-css-assets-webpack-plugin
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of webpack
Depends on vulnerable versions of webpack-dev-server
node_modules/react-scripts
webpack-dev-server 2.0.0-beta - 4.1.0
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of chokidar
Depends on vulnerable versions of http-proxy-middleware
Depends on vulnerable versions of yargs
node_modules/webpack-dev-server
@pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6
Depends on vulnerable versions of ansi-html
Depends on vulnerable versions of webpack-dev-server
node_modules/@pmmmwh/react-refresh-webpack-plugin
expand-brackets 1.0.0 - 2.1.4
Depends on vulnerable versions of snapdragon
node_modules/expand-brackets
extglob 1.0.0 - 2.0.4
Depends on vulnerable versions of snapdragon
node_modules/extglob
micromatch 3.0.0 - 3.1.10
Depends on vulnerable versions of snapdragon
node_modules/fork-ts-checker-webpack-plugin/node_modules/micromatch
node_modules/http-proxy-middleware/node_modules/micromatch
node_modules/sane/node_modules/micromatch
node_modules/watchpack-chokidar2/node_modules/micromatch
node_modules/webpack-dev-server/node_modules/micromatch
node_modules/webpack/node_modules/micromatch
anymatch 2.0.0
Depends on vulnerable versions of micromatch
node_modules/sane/node_modules/anymatch
node_modules/watchpack-chokidar2/node_modules/anymatch
node_modules/webpack-dev-server/node_modules/anymatch
fork-ts-checker-webpack-plugin 0.4.14 - 4.1.6
Depends on vulnerable versions of micromatch
node_modules/fork-ts-checker-webpack-plugin
react-dev-utils 6.0.0-next.03604a46 - 12.0.0-next.37
Depends on vulnerable versions of browserslist
Depends on vulnerable versions of fork-ts-checker-webpack-plugin
Depends on vulnerable versions of immer
node_modules/react-dev-utils
http-proxy-middleware 0.18.0 - 0.19.2
Depends on vulnerable versions of micromatch
node_modules/http-proxy-middleware
readdirp 2.2.0 - 2.2.1
Depends on vulnerable versions of micromatch
node_modules/watchpack-chokidar2/node_modules/readdirp
node_modules/webpack-dev-server/node_modules/readdirp
sane 2.5.0 - 4.1.0
Depends on vulnerable versions of micromatch
node_modules/sane
jest-haste-map 24.0.0-alpha.0 - 26.6.2
Depends on vulnerable versions of sane
node_modules/jest-haste-map
@jest/core <=26.6.3
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-snapshot
node_modules/@jest/core
jest 24.2.0-alpha.0 - 26.6.3
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of jest-cli
node_modules/jest
jest-watch-typeahead 0.6.0 - 0.6.3
Depends on vulnerable versions of jest
node_modules/jest-watch-typeahead
jest-cli 24.2.0-alpha.0 - 26.6.3
Depends on vulnerable versions of @jest/core
Depends on vulnerable versions of jest-config
node_modules/jest-cli
@jest/reporters <=26.6.2
Depends on vulnerable versions of jest-haste-map
node_modules/@jest/reporters
@jest/test-sequencer <=26.6.3
Depends on vulnerable versions of jest-haste-map
node_modules/@jest/test-sequencer
jest-config 24.2.0-alpha.0 - 26.6.3
Depends on vulnerable versions of @jest/test-sequencer
Depends on vulnerable versions of babel-jest
node_modules/jest-config
jest-runner 24.0.0-alpha.0 - 26.6.3
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-haste-map
node_modules/jest-runner
jest-circus 25.2.4 - 26.6.3
Depends on vulnerable versions of jest-runner
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/jest-circus
jest-runtime 24.0.0-alpha.0 - 26.6.3
Depends on vulnerable versions of @jest/transform
Depends on vulnerable versions of jest-config
Depends on vulnerable versions of jest-haste-map
Depends on vulnerable versions of jest-snapshot
node_modules/jest-runtime
jest-jasmine2 24.2.0-alpha.0 - 26.6.3
Depends on vulnerable versions of jest-runtime
Depends on vulnerable versions of jest-snapshot
node_modules/jest-jasmine2
@jest/transform <=26.6.2
Depends on vulnerable versions of jest-haste-map
node_modules/@jest/transform
babel-jest 24.2.0-alpha.0 - 26.6.3
Depends on vulnerable versions of @jest/transform
node_modules/babel-jest
jest-snapshot 24.2.0-alpha.0 - 24.5.0 || 26.1.0 - 26.6.2
Depends on vulnerable versions of jest-haste-map
node_modules/jest-snapshot
jest-resolve-dependencies 26.1.0 - 26.6.3
Depends on vulnerable versions of jest-snapshot
node_modules/jest-resolve-dependencies
nanomatch >=0.1.1
Depends on vulnerable versions of snapdragon
node_modules/nanomatch
union-value *
Depends on vulnerable versions of set-value
node_modules/union-value
58 vulnerabilities (16 moderate, 40 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
"'
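If it looks like the above, what does warn mean and how should I handle it, and could you tell me how to handle npm errors manually?
Should I look them up one by one and run npm install for each?
For example, if it says
ansi-html *
Severity: high
like this,
would running npm install ansi-html do it?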
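October 11, 2021 22:05 #17807
codingapple (Keymaster)
If everything works without problems, it's better not to touch it.
Running npm audit fix can actually break the project in some cases, so if you just wait until the libraries are updated, it gets resolved naturally.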
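October 11, 2021 22:44 #17808
황정후 (Participant)
Whoa...? Is that so? There are even parts marked as critical,
and I was looking up what a webpack update is, but so it was better to leave it alone.. I didn't know.
What should I do in cases where a fix is absolutely necessary??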
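October 12, 2021 09:47 #17818
codingapple (Keymaster)
These are problems that can only be resolved once the person who made the library publishes a new version.
The best solution is to create another new project and, if it has no issues, move your source code over to it.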
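
Added example, not part of the original thread: a Node.js script that takes a report in the `npm audit --json` shape, separates packages that carry their own advisory from entries that only say "Depends on vulnerable versions of", and names the direct dependency each one is reached through. The sample report is constructed from two chains visible in the output above, and the function names are assumptions.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// reduced to two chains from the report in the thread. Real reports carry more fields.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "ansi-html": { name: "ansi-html", severity: "high", isDirect: false,
      via: [{ title: "Uncontrolled Resource Consumption in ansi-html",
              url: "https://github.com/advisories/GHSA-whgm-jr23-g3j9" }],
      effects: ["@pmmmwh/react-refresh-webpack-plugin", "webpack-dev-server"] },
    "webpack-dev-server": { name: "webpack-dev-server", severity: "high", isDirect: false,
      via: ["ansi-html"],
      effects: ["@pmmmwh/react-refresh-webpack-plugin", "react-scripts"] },
    "@pmmmwh/react-refresh-webpack-plugin": {
      name: "@pmmmwh/react-refresh-webpack-plugin", severity: "high", isDirect: false,
      via: ["ansi-html", "webpack-dev-server"], effects: ["react-scripts"] },
    "immer": { name: "immer", severity: "critical", isDirect: false,
      via: [{ title: "Prototype Pollution in immer",
              url: "https://github.com/advisories/GHSA-33f9-j839-rf8h" }],
      effects: ["react-dev-utils"] },
    "react-dev-utils": { name: "react-dev-utils", severity: "critical", isDirect: false,
      via: ["immer"], effects: ["react-scripts"] },
    "react-scripts": { name: "react-scripts", severity: "critical", isDirect: true,
      via: ["@pmmmwh/react-refresh-webpack-plugin", "react-dev-utils", "webpack-dev-server"],
      effects: [] },
  },
};

// Walk `effects` upward until packages listed in package.json (isDirect) are reached.
function directAncestors(vulns, name, seen = new Set()) {
  if (seen.has(name) || !vulns[name]) return [];
  seen.add(name);
  const found = vulns[name].isDirect ? [name] : [];
  for (const parent of vulns[name].effects || []) {
    found.push(...directAncestors(vulns, parent, seen));
  }
  return found;
}

// Entries whose `via` holds an advisory object have their own advisory;
// entries whose `via` holds only strings are the "Depends on vulnerable versions of" rows.
function summarize(report) {
  const vulns = report.vulnerabilities;
  const roots = Object.values(vulns)
    .filter((v) => v.via.some((x) => typeof x === "object"))
    .map((v) => ({
      package: v.name,
      severity: v.severity,
      advisories: v.via.filter((x) => typeof x === "object").map((x) => x.url),
      reachedThrough: directAncestors(vulns, v.name).sort(),
    }));
  return { reportedEntries: Object.keys(vulns).length, roots };
}

console.log(JSON.stringify(summarize(sampleReport), null, 2));
```

For a real project, pass it the parsed output of `npm audit --json` in place of `sampleReport`.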