While deploying Node code, I am getting a package vulnerability issue for lodash.
I have updated the lodash package to the latest version, 4.17.21, but it is still showing the vulnerability issue.
Below is the error.
lodash 4.17.19 High Fixed IN 4.17.21
I am using Angular 14 in my application with nestjs version ^9.0.0. Now the requirement is to use the "nest-azure-ad-jwt-validator" package for some purpose. When I try to install version 4.0.0 of "nest-azure-ad-jwt-validator", npm throws a compatibility issue with the nestjs/common package and is not able to resolve the dependency. It would help if someone could tell me what version of "nest-azure-ad-jwt-validator" I should use that is compatible with nestjs version 9. Check the link to see package information:
https://www.npmjs.com/package/nest-azure-ad-jwt-validator
I checked package details and it is showing version 4.0.0 as the latest one.
Error I am getting.
The actual version of "nest-azure-ad-jwt-validator" doesn't support nestjs version 9.
I just made a pull request on the repo to upgrade it: https://github.com/benMain/nest-azure-ad-jwt-validator/pull/50.
For now, if you still want to use this package, you should stick with nestjs 8 until the next release.
I am getting the following error while installing the multer package using npm.
dicer *
Severity: high
Crash in HeaderParser in dicer - https://github.com/advisories/GHSA-wm7h-9275-46v2
No fix available
node_modules/dicer
busboy <=0.3.1
Depends on vulnerable versions of dicer
node_modules/busboy
multer <=2.0.0-rc.3
Depends on vulnerable versions of busboy
node_modules/multer
3 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
You can update multer to 1.4.5, the latest version, with npm i multer@latest, which uses busboy@1.0.0 without any vulnerabilities.
This is due to a vulnerability in the dicer dependency. Multer will still work; right now no fix is available. Maybe it will be resolved in the next update. Check this GitHub reviewed vulnerability
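An added example (not code from any of the posts above): both the lodash report and the dicer → busboy → multer chain come from copies of a package that sit deeper in the tree than the one you upgraded. The sketch below reads the `packages` map of an npm lockfile (lockfileVersion 2 or 3) and lists every installed copy of a package together with the dependents that resolve to it. `sampleLock`, `old-lib` and the function names are hypothetical.

```javascript
// Constructed sample lockfile (lockfileVersion 2/3 layout); not from the page.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "app", dependencies: { lodash: "^4.17.21", "old-lib": "^1.0.0" } },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/old-lib": { version: "1.0.0", dependencies: { lodash: "4.17.19" } },
    "node_modules/old-lib/node_modules/lodash": { version: "4.17.19" },
  },
};

// The package name is whatever follows the last "node_modules/" in the key.
function nameOf(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? "" : path.slice(i + "node_modules/".length);
}

// Find the copy a dependent at `fromPath` loads, walking up parent
// node_modules directories the way Node's resolver does.
function resolveFrom(packages, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Map each installed copy of `target` to its version and the dependents
// whose declared range resolves to that copy.
function findCopies(lock, target) {
  const packages = lock.packages || {};
  const copies = {};
  for (const [path, meta] of Object.entries(packages)) {
    if (nameOf(path) === target) copies[path] = { version: meta.version, requiredBy: [] };
  }
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies };
    if (path === "") Object.assign(deps, meta.devDependencies);
    if (!(target in deps)) continue;
    const hit = resolveFrom(packages, path, target);
    if (hit && copies[hit]) copies[hit].requiredBy.push(`${nameOf(path) || "(root)"} wants ${deps[target]}`);
  }
  return copies;
}

console.log(JSON.stringify(findCopies(sampleLock, "lodash"), null, 2));
```

On a real project, pass the parsed package-lock.json instead of `sampleLock`; `npm ls lodash` reports the same chain from the installed tree.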
I am a novice and this is not advice on what you should do - I'm just relaying what I did and what the outcome was.
This is a duplicate of my post on the same issue, on GitHub
After deploying my Vuejs3 app a week ago to Firebase, I was prompted to upgrade to the newest version of Firebase Tools (11.0.1) via npm. After doing this, I began experiencing the problem detailed in my comment on GitHub.
Having no other solutions on the table, I decided to uninstall firebase tools (npm uninstall -g firebase-tools) and then reinstall the previous version (npm install -g firebase-tools@10.9.2).
BUT, after the first time I did this, I ran npm audit fix (not npm audit fix --force) and all I got was a ton of high severity warnings and problems.
So I decided to once again uninstall firebase tools (npm uninstall -g firebase-tools) and then reinstall the previous version (npm install -g firebase-tools@10.9.2) and that's it (did NOT run npm audit fix).
I proceeded to npm run build and firebase deploy --only hosting and it worked just fine. Definitely NOT a great or long-term solution. Good luck!
Recently I migrated from Gatsby V2 to V4 using the official docs. Since then I am facing this warning, and it goes like this:
warn Error persisting state: function createFolder(folderData) {
return client.mutate({
mutation: mutations.createFo...<omitted>... } could not be cloned.
I am using node version: 14.15.4
and npm version: 6.14.10
Has anybody faced this error before, or can anyone suggest a way to resolve it?
I'd suggest updating your npm version up to version 7 in order to run:
npm install gatsby@latest --legacy-peer-deps
As well:
npm outdated
To compare your wanted version to the latest.
Keep in mind that if some dependency is not updated to any accordingly working version, your project may not be able to run. However, in the case of the gatsby-plugin-sharp, being an official maintained plugin I guess it will be compatible with v3 (they just shipped the v4 recently so...).
Prior to those suggestions, I'd also recommend cleaning the cache in each process as well as reinstalling your dependencies (or the locked ones), removing your node_modules, your package-lock.json, etc. if needed.
Share your configuration details (gatsby-config.js) to see if there's something that needs to be refactored in version 3.
We are facing a vulnerability issue with Angular 12.24 when scanned with the Black Duck tool.
Below are the packages with issues.
PostCss - 7.0.36, recommended - 8.3.6
url-parse - 1.5.1, recommended - 1.5.3
glob-parent - 3.1.0, recommended - 6.0.1
einaros/ws - 6.2.2, recommended - 8.0.0
How can I update these versions, as these are dependent packages of the core packages installed?
Tried solutions
npm audit fix - Not working
Updated to latest angular version - Not working.
Updated package-lock.json - Getting overwritten on npm i.
Thanks in advance.
I have trouble with installing dependencies in my project. The gulp-sass version is 2.0.4. When I try to install with npm install, I'm getting error 404 with node-sass v3.13.1. There is no link for it. I've also tried to insert the source file of node-sass v3.13.1, but it's not working. I know the trouble is with the link, but is there any way to get around this?
Node-sass is a C++ bridge, so particular versions are only supported for some versions of NodeJS. In this case, you are running a new version of Node that the older version of node-sass doesn't support. Newer versions also provide better error messages for this.