found 4982 low severity vulnerabilities using create-react-app #9263
Comments
|
I have the same problem today, i tried npm audit fix --force but still problem ! |
|
Same problem here with 4967 vulnerabilities. |
|
somehow offtopic comment, trying to relax the atmosphere around something serious as 4000 audit fixes If you don't mind I will step closer and announce in our little circle of self-disappointment, that somebody is trying to bug and still holy wars between Adam and Ada are soap operas to watch |
|
Same problem here. When I run npm audit. It seems that most of the vulnerabilities are related to Lodash. |
|
I believe it's related to this: https://npmjs.com/advisories/1523 Still no fix available? |
|
is this zero-day? |
|
Even I am facing the same error. |
|
Iam facing the same error, i have three working projects and i created new project too,every project is showing same error with slightly different no of errors.example of error is attached below, Low Prototype Pollution Package lodash Patched in No patch available Dependency of react-scripts Path react-scripts > webpack-manifest-plugin > lodash More info https://npmjs.com/advisories/1523 found 4982 low severity vulnerabilities in 1656 scanned packages |
|
Same here, close to 5000 low severity vulnerabilities in create-react-app. What's the deal guys? |
|
Same here, seem like it mostly related to Lodash. |
|
hey, to clarify the issue, after my dependencies: , and I'm not sure how to elaborate by facts... |
|
|
|
|
, and
|
it fixed when i try npm audit fix |
|
5 days ago when I tried "npm audit fix", nothing happened. Today, when I tried "npm audit fix" all the problems have been solved. |
|
It has been fixed in |
|
Now there is a high severity issue too (in |
any one has the idea on fixing this? tried the version 18.1.3 |
|
cc @vigomesbr |
|
Re: #9263 (comment). There was no actual vulnerability here. Please see my reply in #9033 (comment). I've cut a release of Re: #9263 (comment), this has already been solved transitively, it's not something we could have fixed even if we wanted to. |
Describe the bug
create-react-app showing message "found 4982 low severity vulnerabilities" after installing all dependencies.
Did you try recovering your dependencies?
Yes I did delete node_modules and package-lock.json and installed latest version of npm and then ran npm install but I still see the "found 4982 low severity vulnerabilities" message
Which terms did you search for in User Guide?
Environment
Environment Info:
current version of create-react-app: 3.4.1
running from C:\Users\DELL\AppData\Roaming\npm\node_modules\create-react-app
System:
OS: Windows 10 10.0.18362
CPU: (8) x64 Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Binaries:
Node: 12.18.1 - C:\Program Files\nodejs\node.EXE
Yarn: Not Found
npm: 6.14.5 - C:\Program Files\nodejs\npm.CMD
Browsers:
Edge: 44.18362.449.0
Internet Explorer: 11.0.18362.1
npmPackages:
react: ^16.13.1 => 16.13.1
react-dom: ^16.13.1 => 16.13.1
react-scripts: 3.4.1 => 3.4.1
npmGlobalPackages:
create-react-app: Not Found
Steps to reproduce
(Write your steps here:)
Expected behavior
it should show message similar to found 0 vulnerabilities
Actual behavior
terminal showing message "found 4982 low severity vulnerabilities"
Reproducible demo
https://github.com/Prajwal-Jadhav/test-app
The text was updated successfully, but these errors were encountered: