Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

npm audit reports vulnerability - immer in react-dev-utils

See original GitHub issue

Current behavior

Running npm audit produces an error caused by a transitive dependency of vue styleguidist

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ immer                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=8.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ vue-cli-plugin-styleguidist [dev]                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ vue-cli-plugin-styleguidist > vue-styleguidist >             │
│               │ react-dev-utils > immer                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1603                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

To reproduce

https://github.com/ccaspers/vue-styleguidist-vulnerability

git clone https://github.com/ccaspers/vue-styleguidist-vulnerability.git
cd vue-styleguidist-vulnerability
npm i && npm audit

Expected behavior Audit doesn’t report a security warning.

Issue Analytics

State:
Created 3 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

1reaction

elevatebartcommented, Apr 10, 2021

I fixed it !!!

0reactions

ccasperscommented, Apr 12, 2021

Thank you very much 😃

Top Results From Across the Web

My React App has unfixable High Severity warnings, how do I ...

Received 3 high severity warnings. On attempt to fix (npm audit fix --force) I get 31 vulnerabilities in total. Here are the warnings:...

npm-audit

The audit command submits a description of the dependencies configured in your project to your default registry and asks for a report of...

react-dev-utils - Snyk Vulnerability Database

version published direct vulnerabilities 12.0.1 12 Apr, 2022 0. C. 0. H. 0. M. 0. L 12.1.0‑next.14 12 Apr, 2022 0. C. 0. H. 0....

npm audit fix 의경우 - 코딩애플 온라인 강좌

npm WARN audit Updating react-scripts to 4.0.3,which is a SemVer major change. ... npm audit report ... Depends on vulnerable versions of react-dev-utils...

Fixing security vulnerabilities in npm dependencies in less ...

npm audit log showing minimist as a prototype pollution vulnerability ... error where acorn and minimist were being reported as security vulnerabilities.