0047411: npm audit reports issues for CRA - Openbravo Issue Tracking System

Openbravo Issue Tracking System - POS2

View Issue Details

Project

Category

View Status

Date Submitted

Last Update

0047411

POS2

Core

public

2021-07-19 12:59

2024-01-09 07:35

Reporter

alostale

Assigned To

Triage Platform Base

Priority

normal

Severity

minor

Reproducibility

have not tried

Status

closed

Resolution

out of date

Platform

OS Version

Product Version

Target Version

Fixed in Version

Merge Request Status

Review Assigned To

OBNetwork customer

Support ticket

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

Summary

0047411: npm audit reports issues for CRA

Description

When npm audit is executed, some issues are reported for CRA dependencies.

Transitory dependencies with those issues cannot be easily updated (without ejecting CRA) and it seems CRA's team is not planning to get those fixed claiming they are not exploitable [1].

[1] https://github.com/facebook/create-react-app/issues/11174 [^]

Steps To Reproduce

Run npm audit in core2:

$ npm audit --production
...
found 8 vulnerabilities (6 moderate, 2 high) in 2010 scanned packages
  run `npm audit fix` to fix 2 of them.
  1 vulnerability requires semver-major dependency updates.
  5 vulnerabilities require manual review. See the full report for details.

Proposed Solution

Additional Information

Tags

No tags attached.

Relationships

duplicate of	defect	0053862	closed	ablasco	Update all npm libraries to their latest version RM-9106
related to	defect	0046777	closed	platform	Update package-lock.json to fix npm audit issues
related to	design defect	0047415	closed	Triage Platform Base	npm audit reports issues for Storybook
related to	defect	0047535	closed	platform	Update package-lock.json to fix npm audit issues