Create-react-app: Update dependencies that include mixin-deep
Describe the bug
npm audit fix
found 12999 high severity vulnerabilities
run `npm audit fix` to fix them, or `npm audit` for details
Running npm audit shows all the packages that depend on mixin-deep somewhere in the dependency tree. For my scrollback buffer it looks a lot like this:
โโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ High โ Prototype Pollution โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Package โ mixin-deep โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Patched in โ >=2.0.1 โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Dependency of โ react-scripts โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Path โ react-scripts > webpack > micromatch > braces > snapdragon > โ
โ โ base > mixin-deep โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ More info โ https://npmjs.com/advisories/1013 โ
โโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ High โ Prototype Pollution โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Package โ mixin-deep โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Patched in โ >=2.0.1 โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Dependency of โ react-scripts โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ Path โ react-scripts > webpack > micromatch > extglob > โ
โ โ expand-brackets > snapdragon > base > mixin-deep โ
โโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ More info โ https://npmjs.com/advisories/1013 โ
โโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
I doubt I am the first to see this, but you might as well have a tracking issue.
bug
stevenroussey-privicy
👍5
All 2 comments
While working, I installed some dependencies and suddenly had 13000 vulnerabilities. I first thought the new packages were the reason. ๐
... It's not just mixin-deep, its also set-value.
Those vulnerabilities have been published today:
https://www.npmjs.com/advisories/1012
https://www.npmjs.com/advisories/1013
Edit:
Now that it has been fixed, you probably need to delete package-lock.json to get the versions.
josias-r
on 12 Jul 2019
👍11
🚀3
They've both been fixed! Advisories were changed to include fixed patch versions.
heyimalex
on 13 Jul 2019
Was this page helpful?
0 / 5 - 0 ratings
Related issues
JimmyLv
ยท
3Comments
xgqfrms-GitHub
ยท
3Comments
wereHamster
ยท
3Comments
DaveLindberg
ยท
3Comments
adrice727
ยท
3Comments
Most helpful comment
While working, I installed some dependencies and suddenly had 13000 vulnerabilities. I first thought the new packages were the reason. ๐
... It's not just mixin-deep, its also set-value.
Those vulnerabilities have been published today:
https://www.npmjs.com/advisories/1012
https://www.npmjs.com/advisories/1013
Edit:
Now that it has been fixed, you probably need to delete package-lock.json to get the versions.