egoist / poi

⚡A zero-config bundler for JavaScript applications.
https://poi.js.org
MIT License

Update to the latest version of webpack-dev-server #689

Closed AlexGustafsson closed 4 years ago

AlexGustafsson commented 4 years ago

Since May 1st yargs-parser has been reported as vulnerable via npm audit. It has not yet been fixed in webpack-dev-server but

To fix this issue of poi being reported as vulnerable, webpack-dev-server will need to be updated once fixed. This issue tracks the process: https://github.com/webpack/webpack-dev-server/issues/2559.

I've tried to see if there's any similar issue already opened, but failed to find any. So please forgive me if this is a duplicate.

Output of npm audit:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ poi [dev]                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ poi > webpack-dev-server > yargs > yargs-parser              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1500                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

AlexGustafsson commented 4 years ago

Seems like this is fixed in webpack-dev-server now.

egoist commented 4 years ago

Nice, reinstall poi and the warning should go away.

syhnserkan commented 4 years ago

Is this issue fixed? I updated webpack-dev-server but I got the same issue. Help me please.

sonikamah commented 4 years ago

Is this issue fixed? I updated webpack-dev-server but I got the same issue. Help me please.

Same here, I am also getting the error. Please let me know if you got the solution.

                   === npm audit security report ===

                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-scripts                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ react-scripts > webpack-dev-server > yargs > yargs-parser    │
└───────────────┴──────────────────────────────────────────────────────────────┘

egoist commented 4 years ago

@sonikamah why is there react-scripts? We don't use it.

It works for me:

sonikamah commented 4 years ago

@sonikamah why is there react-scripts? We don't use it.

It works for me:

I am using React for my web application, so 'react-scripts' is part of 'dependencies' in package.json.

egoist commented 4 years ago

@sonikamah then that's an issue with react-scripts.

Oussa-star commented 4 years ago

Is this issue fixed? I updated webpack-dev-server but I got the same issue. Help me please.

Same here, I am also getting the error. Please let me know if you got the solution.

                   === npm audit security report ===

                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-scripts                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ react-scripts > webpack-dev-server > yargs > yargs-parser    │
└───────────────┴──────────────────────────────────────────────────────────────┘

Me too, I have the same problem! Have you solved it?

aliimraan commented 4 years ago

I'm also getting the same issue. How to fix this? Help me please.

nidhigupta09 commented 4 years ago

Has anyone got any solution for the above issue? Actually I have the same problem. Please help if you got any solution.

sonikamah commented 4 years ago

You can resolve this by updating your package-lock.json file.

Update yargs-parser 11.1 to 13.1.2 in all instances.

Also in that file, anywhere that you find yargs-parser included with a version and a registry link, update it to 13.1.2 using the details below:

"version": "13.1.2", "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz", "integrity": "sha512-3lbsNRf/j+A4QuSZfDRA7HRSfWrzO0YjqTJd5kjAq37Zep1CEgaYmrH9Q3GwPiB9cHyd1Y1UwggGhJGoxipbzg==",

This is how I resolve this in our CI/CD pipeline.

On Sun, 28 Jun 2020 at 7:17 PM, NIDHI GUPTA notifications@github.com wrote:

Has anyone got any solution for the above issue? Actually I have the same problem. Please help if you got any solution.

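A script that automates the lock-file edit described in the comment above, added here as an example and not taken from the poi project or any commenter: it walks a lockfileVersion 1 package-lock.json, compares every yargs-parser entry against the patched ranges printed by npm audit, and rewrites the ones outside those ranges to the 13.1.2 entry given in the comment. The sample lock file, its package versions and its nesting are constructed for illustration.

```javascript
const PATCHED = '>=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2';  // ranges from the npm audit output above
const FIXED = {                                                      // replacement entry quoted in the comment
  version: '13.1.2',
  resolved: 'https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz',
  integrity: 'sha512-3lbsNRf/j+A4QuSZfDRA7HRSfWrzO0YjqTJd5kjAq37Zep1CEgaYmrH9Q3GwPiB9cHyd1Y1UwggGhJGoxipbzg==',
};

// Minimal major.minor.patch comparison; prerelease tags are not handled (none appear in this thread).
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
const OPS = { '>=': (c) => c >= 0, '<': (c) => c < 0, '>': (c) => c > 0, '<=': (c) => c <= 0 };

// True when `version` satisfies an npm-audit style range: clauses joined by "||", terms in a clause ANDed.
function satisfies(version, range) {
  return range.split('||').some((clause) =>
    clause.trim().split(/\s+/).every((term) => {
      const m = /^(>=|<=|>|<)(\d+\.\d+\.\d+)$/.exec(term);
      return Boolean(m) && OPS[m[1]](cmp(parse(version), parse(m[2])));
    }));
}

// Walk the nested "dependencies" tree of a lockfileVersion 1 package-lock.json and pin every
// yargs-parser entry outside PATCHED to FIXED. Returns the "a > b > c" paths that were rewritten.
function pinYargsParser(node, prefix = [], changed = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...prefix, name];
    if (name === 'yargs-parser' && !satisfies(dep.version, PATCHED)) {
      Object.assign(dep, FIXED);
      changed.push(path.join(' > '));
    }
    pinYargsParser(dep, path, changed);  // nested copies live under dep.dependencies
  }
  return changed;
}
// Constructed sample lock file: one vulnerable nested copy (the path npm audit printed) and one
// hoisted copy that is already in a patched range and must be left alone.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    poi: { version: '12.0.0', dependencies: {
      'webpack-dev-server': { version: '3.10.3', dependencies: {
        yargs: { version: '12.0.5', dependencies: {
          'yargs-parser': { version: '11.1.1', resolved: 'constructed', integrity: 'constructed' } } } } } } },
    'yargs-parser': { version: '18.1.3' },
  },
};
// Run against a copy so sampleLock itself stays untouched.
const demo = JSON.parse(JSON.stringify(sampleLock));
console.log('pinned:', pinYargsParser(demo));
```

To use it on a real project, load the file with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` in place of the sample and write the result back before running `npm ci`. As the issue itself states, the durable fix is updating webpack-dev-server so a reinstall pulls a patched yargs-parser; this only reproduces the lock-file workaround.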

karlosbenito commented 4 years ago

@sonikamah thank you, your answer works fine.