I am getting the following error while installing the multer package using npm.
dicer *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
No fix available
node_modules/dicer
busboy <=0.3.1
Depends on vulnerable versions of dicer
node_modules/busboy
multer <=2.0.0-rc.3
Depends on vulnerable versions of busboy
node_modules/multer
3 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
you can update multer to 1.4.5 as the latest version with npm i multer#latest that uses
busboy#1.0.0
without any vulnerabilities.
This is due to vulnerability in dicer dependency. Multer will still work, right now no fix is available. Maybe it will be resolved in next update. Check this GitHub reviewed vulnerability
I am a novice and this is not advice on what you should do - I'm just relaying what I did and what the outcome was.
This is a duplicate of my post on the same issue, on GitHub
After deploying my Vuejs3 app a week ago to Firebase, I was prompted to upgrade to the newest version of Firebase Tools (11.0.1) via npm. After doing this, I began experiencing the problem detailed in my comment on GitHub.
Having no other solutions on the table, I decided to uninstall firebase tools (npm uninstall -g firebase-tools) and then reinstall the previous version (npm install -g firebase-tools#10.9.2).
BUT, after first time I did this, I ran npm audit fix (not npm audit fix --force) and all I got a ton of high severity warnings and problems.
So I decided to once again uninstall firebase tools (npm uninstall -g firebase-tools) and then reinstall the previous version (npm install -g firebase-tools#10.9.2) and that's it (did NOT run npm audit fix).
I proceeded to npm run build and firebase deploy --only hosting and it worked just fine. Definitely NOT a great or long-term solution. Good luck!
Related
I'm having some vulnerable errors which needs to have manual review when running react app. I tried to fix them but couldn't able to. Now, if I uninstall and reinstall the NodeJs does the above issue get solved??
NO, It only uninstalls node and npm. Installed packages remains as it is.
I entered npm install -g expo-cli
upper part pic
lower part pic
This issue happens, because nowadays when packages are installed with npm it runs command npm audit at the same time and informs user about possible vulnerabilities in downloaded dependency.
I attempted the same installation with node version 16.11 and OSX, the result was the same. However, these are not errors but vulnerabilities included in dependencies that Expo is using, and Expo by itself is working properly but has some vulnerabilities in it.
Therefore, there is not much that can be done from your perspective. Expo should fix these.
EDIT: And those warnings, those are a similar issue, which you cannot address. Expo is using dependencies that are old and are being deprecated.
I have tried to install the package but it is showing a lot of vulnerabilities and I cannot fix it properly even after using npm audit fix
enter image description here
If you are doing it for your personal projects then no need to worry about the vulnerabilities and all. The packages have already been installed in your projects.
When I try to create the starter React tutorial app using powershell, I get the below error:
"You are using npm 2.15.12 so the project will be boostrapped with an old unsupported version of tools".
"Please update to npm 3 or higher for a better, fully supported experience".
However, my NPM version is 6.11.3 as seen below.
What I have tried:
I have ran powershell as admin as answered in this question and restart.
I have also uninstalled and reinstalled Nodejs completely.
So after an extra hour digging around, I saw a few posts with similar (but not exactly) the same issue. I decided to install Yarn and install with that.
After install, I ran yarn cache clean and ran npx create-react-app your-app and it worked. Sorry for bothering you all.
I had the same problem. I'm running WSL with ubuntu, and yarn cache clear didn't work, but I noticed a node modules directory created in the project. I think it was messing with the node version so I deleted it. It worked
The Cloud Functions emulator requires the module "firebase-admin" to
be installed. This package is in your package.json, but it's not
available. You probably need to run "npm install" in your functions
directory.
I was running well my project till i was hit with that issue. Any help, please do tell. Thanks. {Below is the image of what i am getting}
This is a bug in firebase-tools versions 6.9.0 and 6.9.1. The solution is to downgrade to 6.8.0 for now:
npm install -g firebase-tools#6.8.0
You can follow along with the issue here:
https://github.com/firebase/firebase-tools/issues/1262