PS C:\xampp\htdocs\creative_tim\notus_react_admin> npm audit fix --force
npm WARN using --force Recommended protections disabled.
npm WARN audit Updating postcss to 2.2.19,which is outside your stated dependency range.
npm WARN audit Updating react-scripts to 5.0.1,which is a SemVer major change.
npm WARN audit Updating tailwindcss to 2.2.19,which is outside your stated dependency range.
npm WARN audit Updating gulp to 3.9.1,which is a SemVer major change.
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: notus-react@1.1.0
npm WARN Found: postcss@8.2.8
npm WARN node_modules/postcss
npm WARN peer postcss@"^8.1.0" from autoprefixer@10.2.5
npm WARN node_modules/autoprefixer
npm WARN peer autoprefixer@"^10.0.2" from tailwindcss@2.0.4
npm WARN node_modules/tailwindcss
npm WARN 1 more (the root project)
npm WARN 5 more (postcss-js, postcss-safe-parser, purgecss, tailwindcss, the root project)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer postcss@"^8.1.0" from autoprefixer@10.2.5
npm WARN node_modules/autoprefixer
npm WARN peer autoprefixer@"^10.0.2" from tailwindcss@2.0.4
npm WARN node_modules/tailwindcss
npm WARN 1 more (the root project)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: tailwindcss@2.2.19
npm WARN Found: peer postcss@"^8.0.9" from tailwindcss@2.2.19
npm WARN node_modules/tailwindcss
npm WARN tailwindcss@"2.2.19" from the root project
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer postcss@"^8.0.9" from tailwindcss@2.2.19
npm WARN node_modules/tailwindcss
npm WARN tailwindcss@"2.2.19" from the root project
npm WARN
npm WARN Conflicting peer dependency: postcss@8.4.14
npm WARN node_modules/postcss
npm WARN peer postcss@"^8.0.9" from tailwindcss@2.2.19
npm WARN node_modules/tailwindcss
npm WARN tailwindcss@"2.2.19" from the root project
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: tailwindcss@2.2.19
npm WARN Found: peer postcss@"^8.2.14" from postcss-nested@5.0.6
npm WARN node_modules/tailwindcss/node_modules/postcss-nested
npm WARN postcss-nested@"5.0.6" from tailwindcss@2.2.19
npm WARN node_modules/tailwindcss
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer postcss@"^8.2.14" from postcss-nested@5.0.6
npm WARN node_modules/tailwindcss/node_modules/postcss-nested
npm WARN postcss-nested@"5.0.6" from tailwindcss@2.2.19
npm WARN node_modules/tailwindcss
npm WARN deprecated natives@1.1.6: This module relies on Node.js's internals and will break at some point. Do not use it, and update to graceful-fs@4.x.
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
added 375 packages, removed 860 packages, changed 245 packages, and audited 1735 packages in 28s
207 packages are looking for funding
run npm fund for details
lodash.template <4.5.0
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
fix available via npm audit fix --force
Will install gulp@4.0.2, which is a breaking change
node_modules/lodash.template
gulp-util >=1.1.0
Depends on vulnerable versions of lodash.template
node_modules/gulp-util
gulp 2.6.1 - 3.9.1
Depends on vulnerable versions of gulp-util
Depends on vulnerable versions of vinyl-fs
node_modules/gulp
minimatch <3.0.2
Severity: high
Regular Expression Denial of Service in minimatch - https://github.com/advisories/GHSA-hxm2-r34f-qmc5
fix available via npm audit fix --force
Will install gulp@4.0.2, which is a breaking change
node_modules/glob-stream/node_modules/minimatch
node_modules/globule/node_modules/minimatch
glob 3.0.0 - 5.0.14
Depends on vulnerable versions of minimatch
node_modules/glob-stream/node_modules/glob
node_modules/globule/node_modules/glob
glob-stream 0.2.0 - 5.2.0
Depends on vulnerable versions of glob
Depends on vulnerable versions of minimatch
node_modules/glob-stream
vinyl-fs <=1.0.0
Depends on vulnerable versions of glob-stream
Depends on vulnerable versions of glob-watcher
node_modules/vinyl-fs
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via npm audit fix --force
Will install react-scripts@2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
node_modules/react-scripts
17 vulnerabilities (13 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
PS C:\xampp\htdocs\creative_tim\notus_react_admin> npm audit fix --force npm WARN using --force Recommended protections disabled. npm WARN audit Updating postcss to 2.2.19,which is outside your stated dependency range. npm WARN audit Updating react-scripts to 5.0.1,which is a SemVer major change. npm WARN audit Updating tailwindcss to 2.2.19,which is outside your stated dependency range. npm WARN audit Updating gulp to 3.9.1,which is a SemVer major change. npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: notus-react@1.1.0 npm WARN Found: postcss@8.2.8 npm WARN node_modules/postcss npm WARN peer postcss@"^8.1.0" from autoprefixer@10.2.5 npm WARN node_modules/autoprefixer npm WARN peer autoprefixer@"^10.0.2" from tailwindcss@2.0.4 npm WARN node_modules/tailwindcss npm WARN 1 more (the root project) npm WARN 5 more (postcss-js, postcss-safe-parser, purgecss, tailwindcss, the root project) npm WARN npm WARN Could not resolve dependency: npm WARN peer postcss@"^8.1.0" from autoprefixer@10.2.5 npm WARN node_modules/autoprefixer npm WARN peer autoprefixer@"^10.0.2" from tailwindcss@2.0.4 npm WARN node_modules/tailwindcss npm WARN 1 more (the root project) npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: tailwindcss@2.2.19 npm WARN Found: peer postcss@"^8.0.9" from tailwindcss@2.2.19 npm WARN node_modules/tailwindcss npm WARN tailwindcss@"2.2.19" from the root project npm WARN npm WARN Could not resolve dependency: npm WARN peer postcss@"^8.0.9" from tailwindcss@2.2.19 npm WARN node_modules/tailwindcss npm WARN tailwindcss@"2.2.19" from the root project npm WARN npm WARN Conflicting peer dependency: postcss@8.4.14 npm WARN node_modules/postcss npm WARN peer postcss@"^8.0.9" from tailwindcss@2.2.19 npm WARN node_modules/tailwindcss npm WARN tailwindcss@"2.2.19" from the root project npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: tailwindcss@2.2.19 npm WARN Found: peer postcss@"^8.2.14" from postcss-nested@5.0.6 npm WARN node_modules/tailwindcss/node_modules/postcss-nested npm WARN postcss-nested@"5.0.6" from tailwindcss@2.2.19 npm WARN node_modules/tailwindcss npm WARN npm WARN Could not resolve dependency: npm WARN peer postcss@"^8.2.14" from postcss-nested@5.0.6 npm WARN node_modules/tailwindcss/node_modules/postcss-nested npm WARN postcss-nested@"5.0.6" from tailwindcss@2.2.19 npm WARN node_modules/tailwindcss npm WARN deprecated natives@1.1.6: This module relies on Node.js's internals and will break at some point. Do not use it, and update to graceful-fs@4.x. npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5 npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
added 375 packages, removed 860 packages, changed 245 packages, and audited 1735 packages in 28s
207 packages are looking for funding run
npm fund
for detailsnpm audit report
lodash <=4.17.20 Severity: critical Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695 Prototype Pollution in lodash - https://github.com/advisories/GHSA-4xc9-xhrj-v574 Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9 Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw fix available via
npm audit fix
node_modules/globule/node_modules/lodash globule <=1.1.0 Depends on vulnerable versions of glob Depends on vulnerable versions of lodash Depends on vulnerable versions of minimatch node_modules/globule gaze 0.4.0 - 1.0.0 Depends on vulnerable versions of globule node_modules/gaze glob-watcher <=2.0.0 Depends on vulnerable versions of gaze node_modules/glob-watcherlodash.template <4.5.0 Severity: critical Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695 fix available via
npm audit fix --force
Will install gulp@4.0.2, which is a breaking change node_modules/lodash.template gulp-util >=1.1.0 Depends on vulnerable versions of lodash.template node_modules/gulp-util gulp 2.6.1 - 3.9.1 Depends on vulnerable versions of gulp-util Depends on vulnerable versions of vinyl-fs node_modules/gulpminimatch <3.0.2 Severity: high Regular Expression Denial of Service in minimatch - https://github.com/advisories/GHSA-hxm2-r34f-qmc5 fix available via
npm audit fix --force
Will install gulp@4.0.2, which is a breaking change node_modules/glob-stream/node_modules/minimatch node_modules/globule/node_modules/minimatch glob 3.0.0 - 5.0.14 Depends on vulnerable versions of minimatch node_modules/glob-stream/node_modules/glob node_modules/globule/node_modules/glob glob-stream 0.2.0 - 5.2.0 Depends on vulnerable versions of glob Depends on vulnerable versions of minimatch node_modules/glob-stream vinyl-fs <=1.0.0 Depends on vulnerable versions of glob-stream Depends on vulnerable versions of glob-watcher node_modules/vinyl-fsnth-check <2.0.1 Severity: high Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr fix available via
npm audit fix --force
Will install react-scripts@2.1.3, which is a breaking change node_modules/svgo/node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/svgo/node_modules/css-select svgo 1.0.0 - 1.3.2 Depends on vulnerable versions of css-select node_modules/svgo @svgr/plugin-svgo <=5.5.0 Depends on vulnerable versions of svgo node_modules/@svgr/plugin-svgo @svgr/webpack 4.0.0 - 5.5.0 Depends on vulnerable versions of @svgr/plugin-svgo node_modules/@svgr/webpack react-scripts >=2.1.4 Depends on vulnerable versions of @svgr/webpack node_modules/react-scripts17 vulnerabilities (13 high, 4 critical)
To address issues that do not require attention, run: npm audit fix
To address all issues (including breaking changes), run: npm audit fix --force