Jest: npm Audit for jest 24.9.0/25.1.0

Created on 18 Mar 2020 · 6 Comments · Source: facebook/jest

Gives me a lot of moderate audit issues, more than 300-400
One error

Prototype Pollution
Package minimist
Patched in >=1.2.3

almost every audit is based on this

Upstream Bug

All 6 comments

We've removed mkdirp (#9486) so nothing for us to do. Will be fixed by the next release, whenever that is.

Upstream issue also seems fixed, so just do npm audit fix or whatever the command is

npm audit fix doesn't seem to work:

fixed 0 of 553 vulnerabilities in 883413 scanned packages
  172 vulnerabilities required manual review and could not be updated
  2 package updates for 381 vulnerabilities involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)

Same issue here with 25.1.0

Related discussion: https://twitter.com/RoLLodeQc/status/1240468981456285696

npm audit fix doesn't upgrade to deprecated versions, as is the case with mkdirp 0.5.3.

So, the solution is to run npm install mkdirp --save-dev, then run npm uninstall mkdirp --save-dev.
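
As an added example (not from the thread or the Jest project): a small Node script that walks an npm v6-style package-lock.json and lists every locked copy of minimist older than the patched 1.2.3 from the audit report above, which is what remains when `npm audit fix` cannot update a transitive dependency. The lockfile object, the `example-cli` package and the function names are constructed for illustration.

```javascript
// Added example: find locked copies of a package older than its patched version.
// Assumes an npm v6-style lockfile (lockfileVersion 1, nested "dependencies").

// Compare two x.y.z versions numerically; pre-release suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Recursively walk the tree; `path` is the node_modules nesting, i.e. the
// install location of each copy that is older than `patched`.
function findUnpatched(node, name, patched, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, dep];
    const isSemver = /^\d+\.\d+\.\d+/.test(info.version || '');
    if (dep === name && isSemver && compareVersions(info.version, patched) < 0) {
      hits.push({ path: path.join(' > '), version: info.version });
    }
    hits.push(...findUnpatched(info, name, patched, path));
  }
  return hits;
}

// Constructed sample lockfile; "example-cli" is a hypothetical package.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    minimist: { version: '1.2.5' },
    mkdirp: {
      version: '0.5.1',
      requires: { minimist: '0.0.8' },
      dependencies: { minimist: { version: '0.0.8' } },
    },
    'example-cli': {
      version: '2.0.0',
      dependencies: {
        mkdirp: { version: '0.5.1', dependencies: { minimist: { version: '0.0.8' } } },
      },
    },
  },
};

for (const hit of findUnpatched(sampleLock, 'minimist', '1.2.3')) {
  console.log(`${hit.path} is locked at ${hit.version}`);
}
```

On a real project, pass the parsed contents of package-lock.json in place of `sampleLock`.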
