Project:
| View Revisions: Issue #47411 | [ Back to Issue ] | ||
| Summary | 0047411: npm audit reports issues for CRA | ||
| Revision | 2021-07-20 07:00 by alostale | ||
| Steps To Reproduce | Run npm audit in core2:$ npm audit --production ... found 8 vulnerabilities (6 moderate, 2 high) in 2010 scanned packages run `npm audit fix` to fix 2 of them. 1 vulnerability requires semver-major dependency updates. 5 vulnerabilities require manual review. See the full report for details. |
||
| Revision | 2021-07-19 13:00 by alostale | ||
| Steps To Reproduce | Run npm audit in core2:$ npm audit ... found 8 vulnerabilities (6 moderate, 2 high) in 2010 scanned packages run `npm audit fix` to fix 2 of them. 1 vulnerability requires semver-major dependency updates. 5 vulnerabilities require manual review. See the full report for details. |
||
| Revision | 2021-07-19 13:00 by alostale | ||
| Description | When npm audit is executed, some issues are reported for CRA dependencies. Transitory dependencies with those issues cannot be easily updated (without ejecting CRA) and it seems CRA's team is not planning to get those fixed claiming they are not exploitable [1]. [1] https://github.com/facebook/create-react-app/issues/11174 [^] |
||
| Revision | 2021-07-19 12:59 by alostale | ||
| Description | When npm audit is executed, some issues are reported for CRA. Transitory dependencies with those issues cannot be easily updated (without ejecting CRA) and it seems CRA's team is not planning to get those fixed claiming they are not exploitable [1]. [1] https://github.com/facebook/create-react-app/issues/11174 [^] |
||
| Copyright © 2000 - 2009 MantisBT Group |
 |