Open Jonathan0wh opened 5 years ago
Do you want to request a feature or report a bug? bug
What is the current behavior? === npm audit security report ===
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro > jest-haste-map > micromatch > braces │ More info │ https://npmjs.com/advisories/786 │
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro > metro-cache > metro-core > jest-haste-map > micromatch > braces More info │ https://npmjs.com/advisories/786 │
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro > metro-config > metro-cache > metro-core > jest-haste-map > micromatch > braces │ More info │ https://npmjs.com/advisories/786 │
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro > metro-config > metro-core > jest-haste-map > micromatch > braces More info │ https://npmjs.com/advisories/786 │
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │
Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro > metro-core > jest-haste-map > micromatch > braces │ More info │ https://npmjs.com/advisories/786 │
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro-core > jest-haste-map > micromatch > braces │ More info │ https://npmjs.com/advisories/786 │
found 6 low severity vulnerabilities in 19725 scanned packages 6 vulnerabilities require manual review. See the full report for details.
Please provide your exact Metro configuration and mention your Metro, node, yarn/npm version and operating system.
package.json:
{ "name": "empty-project-template", "main": "node_modules/expo/AppEntry.js", "private": true, "scripts": { "start": "expo start", "android": "expo start --android", "ios": "expo start --ios", "eject": "expo eject" }, "dependencies": { "expo": "^32.0.6", "prop-types": "^15.7.2", "react": "16.5.0", "react-native": "https://github.com/expo/react-native/archive/sdk-32.0.0.tar.gz", "react-native-autolink": "^1.6.0", "react-native-datepicker": "^1.7.2", "react-native-simple-radio-button": "^2.7.3", "react-native-vector-icons": "^6.3.0", "react-navigation": "^3.3.0", "react-redux": "^6.0.0", "redux": "^4.0.1", "redux-persist": "^5.10.0", "redux-thunk": "^2.3.0" }, "devDependencies": { "babel-eslint": "^10.0.1", "babel-plugin-module-resolver": "^3.2.0", "babel-plugin-transform-react-remove-prop-types": "^0.4.24", "eslint": "^5.14.0", "eslint-config-prettier": "^3.6.0", "eslint-import-resolver-babel-module": "^4.0.0", "eslint-plugin-import": "^2.16.0", "eslint-plugin-prettier": "^3.0.1", "eslint-plugin-react": "^7.12.4", "eslint-plugin-react-native": "^3.6.0", "prettier": "^1.16.4", "redux-devtools": "^3.5.0", "redux-devtools-dock-monitor": "^1.1.3", "redux-devtools-extension": "^2.13.8", "redux-devtools-log-monitor": "^1.4.0" } }
A potential fix would be to publish 0.49.3 with jest 24.0.0 (instead of 24.0.0-alpha.6).
Do you want to request a feature or report a bug? bug
What is the current behavior? === npm audit security report ===
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro > jest-haste-map > micromatch > braces │ More info │ https://npmjs.com/advisories/786 │
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro > metro-cache > metro-core > jest-haste-map > micromatch > braces
More info │ https://npmjs.com/advisories/786 │
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro > metro-config > metro-cache > metro-core > jest-haste-map > micromatch > braces │ More info │ https://npmjs.com/advisories/786 │
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro > metro-config > metro-core > jest-haste-map > micromatch > braces
More info │ https://npmjs.com/advisories/786 │
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │
Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro > metro-core > jest-haste-map > micromatch > braces │ More info │ https://npmjs.com/advisories/786 │
Low │ Regular Expression Denial of Service │ Package │ braces │ Patched in │ >=2.3.1 │ Dependency of │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ Path │ 5395c116ad87da5cbe069ce6e2624dfdb903cb8284e1b0d46f6f319cc22… │ │ > metro-core > jest-haste-map > micromatch > braces │ More info │ https://npmjs.com/advisories/786 │
found 6 low severity vulnerabilities in 19725 scanned packages 6 vulnerabilities require manual review. See the full report for details.
Please provide your exact Metro configuration and mention your Metro, node, yarn/npm version and operating system.
package.json: