I cloned ParaViewWeb from https://github.com/kitware/paraviewweb then did the following:
$ npm install
$ npm audit fix
Leaving me with this:
found 42 vulnerabilities (9 low, 23 moderate, 10 high) in 41716 scanned packages
14 vulnerabilities require semver-major dependency updates.
28 vulnerabilities require manual review.
How do I fix the 14 vulnerabilities that require semver-major dependency updates?
Try running the npm update command. It will update all the package minor versions to the latest and may fix potential security issues. If you have a vulnerability that requires manual review, you will have to raise a request to the maintainers of the dependent package to get an update.
It's probably because package management for even a medium-sized project is a constant battle, as new vulnerabilities are being discovered every day. What if you run npm audit fix?
If you are already sure that you need to run all those updates, then use:
npm audit fix --force
From the npm docs:
If the chain of metavulnerabilities extends all the way to the root project, and it cannot be updated without changing its dependency ranges, then npm audit fix will require the --force option to apply the remediation. If remediations do not require changes to the dependency ranges, then all vulnerable packages will be updated to a version that does not have an advisory or metavulnerability posted against it.
When you run npm audit, there should be a line telling you how to update it, e.g.:
# Run npm install --save-dev [email protected] to resolve 1 vulnerability
# SEMVER WARNING: Recommended action is a potentially breaking change
Just execute that to fix it.
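Added example (not part of any answer above, and not code from ParaViewWeb or npm): one way to see which direct dependencies the semver-major fixes would move before running npm audit fix --force. It assumes a report in the shape printed by npm audit --json on npm 7 or later (auditReportVersion 2); the package names and versions in the sample are constructed.

```javascript
// Constructed sample in the shape of `npm audit --json` from npm 7 or later
// (auditReportVersion 2). Package names and versions are made up.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-bundler": { severity: "high", isDirect: true,
      fixAvailable: { name: "example-bundler", version: "5.0.0", isSemVerMajor: true } },
    "example-glob": { severity: "high", isDirect: false,
      fixAvailable: { name: "example-bundler", version: "5.0.0", isSemVerMajor: true } },
    "example-parser": { severity: "moderate", isDirect: false, fixAvailable: true },
    "example-legacy": { severity: "low", isDirect: true, fixAvailable: false },
  },
};

// Sort each vulnerable package by what its fix costs:
//   fixAvailable === true  -> plain `npm audit fix` handles it (inside declared ranges)
//   fixAvailable is object -> a direct dependency must move outside its declared range
//   fixAvailable === false -> no fix available; manual review
function planFixes(report) {
  const plan = { inRange: [], rangeChange: {}, manual: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    if (fix === true) { plan.inRange.push(name); continue; }
    if (!fix) { plan.manual.push(name); continue; }
    const target = `${fix.name}@${fix.version}`;
    const entry = plan.rangeChange[target] ||
      (plan.rangeChange[target] = { major: Boolean(fix.isSemVerMajor), resolves: [] });
    entry.resolves.push(name);
  }
  return plan;
}

// One install command per direct dependency, so each breaking upgrade can be
// applied and tested on its own (add --save-dev for devDependencies).
function reviewCommands(plan) {
  return Object.entries(plan.rangeChange).map(([target, e]) =>
    `npm install ${target}  # ${e.major ? "semver-major" : "out of range"}, resolves: ${e.resolves.join(", ")}`);
}

const plan = planFixes(SAMPLE_REPORT);
console.log("Fixed by plain `npm audit fix`:", plan.inRange);
console.log("No fix available, review manually:", plan.manual);
for (const cmd of reviewCommands(plan)) console.log(cmd);
```

Applying the printed commands one at a time and running the project's tests after each shows which major upgrade breaks the build, which --force applied wholesale does not.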