{"id":769,"hash":"d9dd97891f5ad32ba39a14a8702baa33b7a1e5062c90192d8ee86ac681b40748","pattern":"My React App has unfixable High Severity warnings, how do I fix this?","full_message":"I cloned my repo for a react app.\nRan npm i\nReceived 3 high severity warnings.\nOn attempt to fix (npm audit fix --force) I get 31 vulnerabilities in total\n\nHere are the warnings:\n\nnpm WARN deprecated request-promise-native@1.0.9: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142\nnpm WARN deprecated @hapi/topo@3.1.6: This version has been deprecated and is no longer supported or maintained\nnpm WARN deprecated @hapi/bourne@1.3.2: This version has been deprecated and is no longer supported or maintained\nnpm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated\nnpm WARN deprecated har-validator@5.1.5: this library is no longer supported\nnpm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated\nnpm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.\nnpm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.\nnpm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.\nnpm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.\nnpm WARN deprecated babel-eslint@10.1.0: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.\nnpm WARN deprecated @hapi/address@2.1.4: Moved to 'npm install @sideway/address'\nnpm WARN deprecated rollup-plugin-babel@4.4.0: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.\nnpm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142\nnpm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained\nnpm WARN deprecated @hapi/joi@15.1.1: Switch to 'npm install joi'\nnpm WARN deprecated core-js@2.6.12: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.\n\nadded 1988 packages, and audited 1988 packages in 8s\n\n126 packages are looking for funding\n  run `npm fund` for details\n\n3 high severity vulnerabilities\n\nTo address all issues (including breaking changes), run:\n  npm audit fix --force\n\nRun `npm audit` for details.\n\nThis is what the audit shows:\n\n# npm audit report\n\nimmer  <8.0.1\nSeverity: high\nPrototype Pollution - https://npmjs.com/advisories/1603\nfix available via `npm audit fix --force`\nWill install react-scripts@2.0.5, which is a breaking change\nnode_modules/immer\n  react-dev-utils  >=6.0.6-next.9b4009d7\n  Depends on vulnerable versions of immer\n  node_modules/react-dev-utils\n    react-scripts  >=2.0.6-next.9b4009d7\n    Depends on vulnerable versions of react-dev-utils\n    node_modules/react-scripts\n\n3 high severity vulnerabilities\n\nTo address all issues (including breaking changes), run:\n  npm audit fix --force","ecosystem":"npm","package_name":"reactjs","package_version":null,"solution":"I fought over this issue for a few hours yesterday and this morning and found this thread which seems to be the cause:\n\nhttps://github.com/facebook/create-react-app/issues/10411\n\nAs well as this proposed fix:\n\nhttps://github.com/facebook/create-react-app/pull/10412\n\nIt looks like it's a dependency issue with immer, react-scripts, and react-dev-tools. They say they will try and push out an update this weekend so I would look forward to that sooner than later.","confidence":0.8,"source":"stackoverflow","source_url":"https://stackoverflow.com/questions/66285849/my-react-app-has-unfixable-high-severity-warnings-how-do-i-fix-this","votes":10,"created_at":"2026-04-19T04:51:39.467922+00:00","updated_at":"2026-04-19T04:51:39.467922+00:00"}