Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
High severity vulnerability found in fsevents >node-pre-gyp >tar
See original GitHub issueUsing Synk, I found security vulnerability from package node-pre-gyp in the package tar. This was discovered on Synk April 4 2019.
Please see Synk screenshots
You can see details about this vulnerability here https://snyk.io/vuln/SNYK-JS-TAR-174125
Because, I imagine many teams will not be able to use React Scripts. What is the best way to go about this? I filed an issue with the node-pre-gyp team but it seems like to fix this we will need fsevents to be updated as well. Any ideas?
Issue Analytics
- State:
- Created 4 years ago
- Reactions:9
- Comments:23 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Yes, like I said, we will update these packages. A new version of
fseventshas been released and there is already a PR updating our dependencies.Updating all
"tar"locations in package-lock.json to use"tar": "^4.4.8"manually solved my issue.