Closed hangler closed 1 year ago
Going to run an npm audit
to see if there are any more packages that can be updated.
The only remaining vulnerability is this one, which is almost certainly nothing to worry about, according to the Create React App team (see also Stack Overflow):
% npm audit
# npm audit report
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
node_modules/react-scripts
6 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Fixes #178. Removes a number of unused / unneeded packages, and updates a number of others. This should also address a number of security issues from outdated dependencies.
After a
yarn install
,/ClientApp
should build (yarn build
) with no warnings or errors.In a few cases, I had to use
FixTypeLater
(an alias forany
) for the sake of expediency when dealing with third-party libraries which do not have readily-available built-in typings. At some point we can try to use better typings.