My React App has unfixable High Severity warnings, how do I fix this?
Full error message
I cloned my repo for a react app. Ran npm i. Received 3 high severity warnings. On attempt to fix (npm audit fix --force) I get 31 vulnerabilities in total. Here are the warnings:

npm WARN deprecated [email protected]: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: babel-eslint is now @babel/eslint-parser. This package will no longer receive updates.
npm WARN deprecated @hapi/[email protected]: Moved to 'npm install @sideway/address'
npm WARN deprecated [email protected]: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-babel.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated @hapi/[email protected]: This version has been deprecated and is no longer supported or maintained
npm WARN deprecated @hapi/[email protected]: Switch to 'npm install joi'
npm WARN deprecated [email protected]: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

added 1988 packages, and audited 1988 packages in 8s

126 packages are looking for funding
  run `npm fund` for details

3 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

This is what the audit shows:

# npm audit report

immer <8.0.1
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1603
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/immer
  react-dev-utils >=6.0.6-next.9b4009d7
  Depends on vulnerable versions of immer
  node_modules/react-dev-utils
    react-scripts >=2.0.6-next.9b4009d7
    Depends on vulnerable versions of react-dev-utils
    node_modules/react-scripts

3 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
Solution
source: stackoverflow
I fought over this issue for a few hours yesterday and this morning and found this thread which seems to be the cause:
https://github.com/facebook/create-react-app/issues/10411

As well as this proposed fix:
https://github.com/facebook/create-react-app/pull/10412

It looks like it's a dependency issue with immer, react-scripts, and react-dev-tools. They say they will try and push out an update this weekend so I would look forward to that sooner than later.
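Added example, not part of the original question or answer: the "3 high severity vulnerabilities" in the audit above are one immer advisory counted again for each package that depends on it. The sketch below groups a report in the `npm audit --json` format (auditReportVersion 2) by root advisory and traces each one up to the direct dependency that has to be updated; `sampleReport` is constructed to mirror the report in the question, and `rootCauses` is a hypothetical helper name.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// mirroring the report in the question. Versions elided on the page are omitted.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    immer: {
      name: "immer", severity: "high", isDirect: false,
      via: [{ source: 1603, name: "immer", title: "Prototype Pollution",
              url: "https://npmjs.com/advisories/1603", severity: "high", range: "<8.0.1" }],
      effects: ["react-dev-utils"], nodes: ["node_modules/immer"],
    },
    "react-dev-utils": {
      name: "react-dev-utils", severity: "high", isDirect: false,
      via: ["immer"], effects: ["react-scripts"], nodes: ["node_modules/react-dev-utils"],
    },
    "react-scripts": {
      name: "react-scripts", severity: "high", isDirect: true,
      via: ["react-dev-utils"], effects: [], nodes: ["node_modules/react-scripts"],
    },
  },
};

// Group audit entries by the advisory that actually causes them. Entries whose
// `via` holds only package names are consequences, not separate vulnerabilities.
function rootCauses(report) {
  const vulns = report.vulnerabilities || {};
  const roots = [];
  for (const entry of Object.values(vulns)) {
    for (const advisory of entry.via.filter((v) => typeof v === "object")) {
      // Walk `effects` upward to collect every path ending at a direct dependency.
      const chains = [];
      const walk = (name, path) => {
        const node = vulns[name];
        if (!node || path.includes(name)) return; // unknown package or cycle
        const next = [...path, name];
        if (node.isDirect) chains.push(next);
        node.effects.forEach((parent) => walk(parent, next));
      };
      walk(entry.name, []);
      roots.push({ package: entry.name, title: advisory.title, range: advisory.range,
                   url: advisory.url, chains });
    }
  }
  return roots;
}

for (const r of rootCauses(sampleReport)) {
  console.log(`${r.package} ${r.range}: ${r.title} (${r.url})`);
  r.chains.forEach((c) => console.log("  pulled in via: " + [...c].reverse().join(" > ")));
}
```

To run it against a real project, replace `sampleReport` with the parsed output of `npm audit --json`.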