Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

41 vulnerabilities (34 moderate, 7 high)

See original GitHub issue

Laravel Framework 8.46.0
Laravel Mix Version: npm list --depth=0

├── laravel-mix@6.0.19 ├── lodash@4.17.21 └── postcss@8.3.0

Node Version (node -v): v15.10.0
NPM Version (npm -v): 7.6.0
OS: MacOSx Big Sur version 11.4, Apple silicon

Description:

Just installed fresh Laravel, and run npm install I am getting this error: 41 vulnerabilities (34 moderate, 7 high)

Steps To Reproduce:

Install new laravel instance Run npm install

Issue Analytics

State:
Created 2 years ago
Reactions:13
Comments:10

Top GitHub Comments

7reactions

thecrypticacecommented, Jun 14, 2021

So I updated some stuff in our master branch over the weekend however, even if we tag a release, it won’t fix some vulnerabilities still present in dependencies.

One is present in css-what depended upon by svgo.
One is present in glob-parent due to @types/browser-sync pulling in an old version of chokidar.
One is because resolve-url-loader pulls in a vulnerable version of postcss (when it should be a peer dep).

We should still tag a new release though. I’ll see if we can do that soon.

4reactions

johnneijzencommented, Jun 23, 2021

so far my side only 7 high vulnerabilities from css-what from svgo so it is getting better