所以,我有这个软件包。
"micromatch": {
"version": "2.3.11",
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-2.3.11.tgz",
"integrity": "sha1-hmd8l9FyCzY0MdBNDRUpO9OMFWU=",
"requires": {
"arr-diff": "^2.0.0",
"array-unique": "^0.2.1",
"braces": "^1.8.2",
"expand-brackets": "^0.1.4",
"extglob": "^0.3.1",
"filename-regex": "^2.0.0",
"is-extglob": "^1.0.0",
"is-glob": "^2.0.1",
"kind-of": "^3.0.2",
"normalize-path": "^2.0.1",
"object.omit": "^2.0.0",
"parse-glob": "^3.0.4",
"regex-cache": "^0.4.2"
}
}
漏洞是:" braces":"^1.8.2",当我进行NPM审核时,它说它固定在2.3.1,但我似乎无法更新它,或者只是不知道如何。
我尝试过的东西:
- NPM同时安装微型匹配和括号,然后进行NPM审核修复。
- npm安装&&NPM卸载了MicroMatch和Bracs,然后运行NPM Update
- 删除node_modules和package -lock.json并执行npm i -f
- 编辑软件包 - 洛克。)
从NPM依赖关系中我可能不了解一些事情。那么我该如何解决?
编辑为package.json
{
"name": "project",
"version": "0.1.0",
"private": true,
"dependencies": {
"@material-ui/core": "^3.9.2",
"@material-ui/icons": "^3.0.2",
"micromatch": "^3.1.10",
"prop-types": "latest",
"react": "^16.8.2",
"react-async-component": "^2.0.0",
"react-dom": "^16.8.2",
"react-scripts": "^2.1.5",
"typeface-roboto": "0.0.54"
},
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"test": "react-scripts test",
"eject": "react-scripts eject"
},
"eslintConfig": {
"extends": "react-app"
},
"browserslist": [
">0.2%",
"not dead",
"not ie <= 11",
"not op_mini all"
],
"devDependencies": {
"react-router-dom": "^4.3.1"
}
}
您需要将MicroMatch模块升级到最新版本3.1,因此漏洞是因为您使用的Micromatch 2.3.11使用了较旧版本的括号。Braces版本已在Micromatch的最新版本中升级,因此只需升级您的Micromatch模块即可。那将解决您的问题。
升级,
- 在主包中替换您的MicroMatch版本。它。
- 删除软件包洛克.json文件
- 做npm i
MicroMatch升级括号模块-https://github.com/micromatch/micromatch/commit/commit/commit/cmmit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/commit/compromatch
请参阅此提示。