I recently created a vite boilerplate and while starting the project I saw there are some outdated packages:
up to date, audited 863 packages in 2s
167 packages are looking for funding
run `npm fund` for details
# npm audit report
axios 0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix`
node_modules/axios
@ory/client *
Depends on vulnerable versions of axios
node_modules/@ory/client
@refinedev/devtools-server *
Depends on vulnerable versions of @ory/client
Depends on vulnerable versions of @refinedev/devtools-ui
node_modules/@refinedev/devtools-server
@refinedev/cli >=2.16.2
Depends on vulnerable versions of @refinedev/devtools-server
Depends on vulnerable versions of semver
node_modules/@refinedev/cli
@refinedev/devtools-ui *
Depends on vulnerable versions of @ory/client
node_modules/@refinedev/devtools-ui
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@refinedev/cli/node_modules/semver
6 moderate severity vulnerabilities
To address all issues, run:
npm audit fix
I attempted to run npm audit fix. It fixed some deprecated packages but it didn't resolve the issue of vulnerabilities. Consequently, I added the --force option; however, this wasn't effective either.
Again, I attempted to delete node_modules and package-lock.json and run npm i. Yet again the issue persisted. I believe some of these packages are being used internally by refine.
Steps To Reproduce
Stated fully above
Expected behavior
expected vulnerabilities to be fixed
Screenshot
Desktop
No response
Mobile
No response
Additional Context
No response
Hey @NB071, thank you for reporting! Looks like all the warnings are coming from packages with development purposes. It should be fine and not related to any production builds, since both @refinedev/cli and @refinedev/devtools-server are not included in the bundles. To address the warnings, I think there should be changes made to the packages rather than trying to solve it per project. We can update @ory/client and semver if there are versions released with the related fixes.
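The reply above rests on the flagged packages being development-only. One way to check that against a project's own lockfile, as an added example that is not part of the original thread or refine's code: it joins the `vulnerabilities` map from `npm audit --json` with the `dev` flag in `package-lock.json` (lockfile v2/v3). The sample data is constructed; the `dev` flags and the `example-prod-lib` entry are assumptions.

```javascript
// Added example: classify `npm audit --json` findings as dev-only or
// production-reachable using the `dev` flag in package-lock.json (v2/v3).
const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"];

function classifyAudit(report, lock) {
  const packages = lock.packages || {};
  const findings = Object.values(report.vulnerabilities || {}).map((v) => {
    const nodes = (v.nodes || []).map((path) => {
      const entry = packages[path];
      // Missing lock entry: scope unknown, so treat it as production.
      const scope = entry && entry.dev === true ? "dev" : "prod";
      return { path, scope };
    });
    const prodNodes = nodes.filter((n) => n.scope === "prod");
    return {
      name: v.name,
      severity: v.severity,
      devOnly: nodes.length > 0 && prodNodes.length === 0,
      prodPaths: prodNodes.map((n) => n.path),
    };
  });
  // Production-reachable findings first, then by descending severity.
  return findings.sort((a, b) =>
    (a.devOnly - b.devOnly) ||
    (SEVERITY_ORDER.indexOf(b.severity) - SEVERITY_ORDER.indexOf(a.severity)));
}

// Constructed sample: package names and paths mirror the report above; the
// `dev` flags and "example-prod-lib" are assumptions made for illustration.
const sampleReport = { vulnerabilities: {
  axios: { name: "axios", severity: "moderate", nodes: ["node_modules/axios"] },
  semver: { name: "semver", severity: "moderate",
            nodes: ["node_modules/@refinedev/cli/node_modules/semver"] },
  "example-prod-lib": { name: "example-prod-lib", severity: "high",
            nodes: ["node_modules/example-prod-lib"] },
}};
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/axios": { dev: true },
  "node_modules/@refinedev/cli/node_modules/semver": { dev: true },
  "node_modules/example-prod-lib": {},
}};

for (const f of classifyAudit(sampleReport, sampleLock)) {
  console.log(f.devOnly ? "dev-only  " : "PRODUCTION", f.severity, f.name);
}
```

On a real project, pass in the parsed output of `npm audit --json` and the project's `package-lock.json`; `npm audit --omit=dev` gives npm's own production-only view of the same report.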