Create-react-app: npm audit fails on http-proxy

Created on 15 May 2020 · 7 Comments · Source: facebook/create-react-app

Describe the bug

npm audit fails on http-proxy

Original issue: https://github.com/http-party/node-http-proxy/issues/1446

Did you try recovering your dependencies?

Yes.

npm --version
6.14.5

Which terms did you search for in User Guide?

(Write your answer here if relevant.)

Environment

Environment Info:

  current version of create-react-app: 3.4.1
  running from /Users/sergeikriger/.npm/_npx/73840/lib/node_modules/create-react-app

  System:
    OS: macOS 10.15.3
    CPU: (8) x64 Intel(R) Core(TM) i7-8569U CPU @ 2.80GHz
  Binaries:
    Node: 12.11.1 - ~/.nvm/versions/node/v12.11.1/bin/node
    Yarn: 1.19.0 - /usr/local/bin/yarn
    npm: 6.14.5 - ~/.nvm/versions/node/v12.11.1/bin/npm
  Browsers:
    Chrome: 81.0.4044.138
    Firefox: 76.0.1
    Safari: 13.0.5
  npmPackages:
    react: 16.9.0 => 16.9.0 
    react-dom: 16.9.0 => 16.9.0 
    react-scripts: ^3.4.0 => 3.4.1 
  npmGlobalPackages:
    create-react-app: Not Found

Steps to reproduce

  1. npm audit

Expected behavior

Audit passes.

Actual behavior

Audit fails:

[image]

Reproducible demo

(Paste the link to an example project and exact instructions to reproduce the issue.)

Labels: bug report, needs triage, stale

All 7 comments

+1 same issue here, blocking CI to deploy

Original issue is fixed and marked as unaffected.

https://github.com/http-party/node-http-proxy/pull/1447#issuecomment-630257071

Looks like this version bump is slowly getting propagated up the dependency chain (https://github.com/webpack/webpack-dev-server/pull/2616) - anyone have cycles to look at bumping it for CRA? I can try taking it on if no other takers.

[email protected] is now whitelisted: https://www.npmjs.com/advisories/1486/versions

Think if you just refresh/update the lockfiles or reinstall the dependencies you should be able to get the latest [email protected], without having to wait for webpack-dev-server.

Optionally, with yarn you could also add resolutions to your package.json: https://classic.yarnpkg.com/en/docs/selective-version-resolutions/#toc-how-to-use-it
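
An added example, not part of the original thread or of any project mentioned in it: after a lockfile refresh like the one suggested above, this Node.js script lists every copy of a package pinned in an npm 6 (`lockfileVersion: 1`) lockfile, flags copies older than a given fixed version, and shows which ranges the parents request. The lockfile contents, the parent names `parent-a` and `parent-b`, all version numbers and the helper names are constructed assumptions, and the comparison handles plain `x.y.z` versions only.

```javascript
// Constructed sample lockfile (npm 6 layout). Versions are placeholders,
// not the real affected or patched versions from the advisory.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    'http-proxy': { version: '1.0.0' },
    'parent-a': { version: '0.1.0', requires: { 'http-proxy': '^1.0.0' } },
    'parent-b': {
      version: '2.0.0',
      requires: { 'http-proxy': '^1.0.1' },
      // A nested copy: npm keeps it when the hoisted one does not satisfy the range.
      dependencies: { 'http-proxy': { version: '1.0.2' } },
    },
  },
};
const MIN_FIXED = '1.0.1'; // placeholder for the first patched version

// Numeric x.y.z comparison; any pre-release suffix is ignored.
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Walk the nested "dependencies" tree. Collect every pinned copy of `name`
// and every package whose "requires" map asks for it (with the range).
function inspect(lock, name, minFixed) {
  const copies = [];
  const requirers = [];
  (function walk(node, path) {
    for (const [dep, info] of Object.entries(node.dependencies || {})) {
      const here = [...path, dep];
      if (dep === name) {
        copies.push({ at: here.join(' > '), version: info.version,
                      stale: lessThan(info.version, minFixed) });
      }
      if (info.requires && info.requires[name]) {
        requirers.push({ parent: dep, range: info.requires[name] });
      }
      walk(info, here);
    }
  })(lock, []);
  return { copies, requirers };
}

console.log(JSON.stringify(inspect(SAMPLE_LOCK, 'http-proxy', MIN_FIXED), null, 2));
```

On a real project, pass the parsed contents of `package-lock.json` instead of `SAMPLE_LOCK`. A copy that stays stale after a refresh means a parent's range excludes the fixed version, which is the case where a forced resolution or an upstream bump is needed.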

This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs.

This issue has been automatically closed because it has not had any recent activity. If you have a question or comment, please open a new issue.
