GitHub 通过以下消息提示存在漏洞:
将js-yaml升级到3.13.1或更高版本。例如:
"dependencies": { "js-yaml": ">=3.13.1" }
我尝试了以下操作,但都未能使 js-yaml 得到更新:
卸载所有 node 模块,然后运行 npm install
和 npm install js-yaml
将js-yaml 3.13.1添加到package.json
与上述相同,但直接删除 node_modules 文件夹,而不是使用 npm uninstall
npm install {dependency}
其中 dependency
是每个依赖 js-yaml 的软件包(依据我的 package-lock.json 确定)
npm audit fix
报告了 fixed 0 of 8 vulnerabilities in 10114 scanned packages. 8 vulnerabilities required manual review and could not be updated
以下依次是我的 package.json 和 package-lock.json(节选):
{
"name": "blackfynn-csv-exporter",
"version": "1.1.7",
"description": "View Timeseries data stored on Blackfynn and export it to csv for OpenCOR",
"main": "build/build.min.js",
"files": [
"package.json",
"LICENSE",
"README.md",
"css",
"js",
"fonts",
"index.html",
"build/build.js",
"build/build.min.js",
"webpack.config.js"
],
"scripts": {
"build": "webpack --mode=none",
"dev": "webpack-dev-server --hot",
"test": "echo \"Error: no test specified\" && exit 1"
},
"repository": {
"type": "git",
"url": "git+https://github.com/tehsurfer/blackfynn-csv-exporter"
},
"keywords": [
"OpenCOR",
"Blackfynn",
"data",
"export"
],
"author": "Jesse Khorasanee <jessekhorasanee@gmail.com>",
"license": "Apache-2.0",
"bugs": {
"url": "https://github.com/tehsurfer/blackfynn-csv-exporter/issues"
},
"homepage": "https://github.com/tehsurfer/blackfynn-csv-exporter",
"devDependencies": {
"file-loader": "^1.1.11",
"html-loader": "^0.5.5",
"ify-loader": "^1.1.0",
"jquery": "^3.4.0",
"perfect-scrollbar": "^1.4.0",
"plotly.js": "^1.48.3",
"popper.js": "^1.14.7",
"raw-loader": "^0.5.1",
"select2": "^4.0.6-rc.1",
"standard": "^12.0.1",
"style-loader": "^0.21.0",
"uglifyjs-webpack-plugin": "^1.2.5",
"url-loader": "^1.0.1",
"webpack": "^4.29.6",
"webpack-cli": "^3.1.1",
"webpack-jquery-ui": "^2.0.1"
},
"dependencies": {
"papaparse": "^4.6.3"
}
}
{
"name": "blackfynn-csv-exporter",
"version": "1.0.14",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"gray-matter": {
"version": "3.1.1",
"resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-3.1.1.tgz",
"integrity": "sha512-nZ1qjLmayEv0/wt3sHig7I0s3/sJO0dkAaKYQ5YAOApUtYEOonXSFdWvL1khvnZMTvov4UufkqlFsilPnejEXA==",
"dev": true,
"requires": {
"extend-shallow": "^2.0.1",
"js-yaml": "^3.10.0",
"kind-of": "^5.0.2",
"strip-bom-string": "^1.0.0"
},
"dependencies": {
"esprima": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
"integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
"dev": true
},
"extend-shallow": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
"integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
"dev": true,
"requires": {
"is-extendable": "^0.1.0"
}
},
"js-yaml": {
"version": "3.13.1",
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz",
"integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==",
"dev": true,
"requires": {
"argparse": "^1.0.7",
"esprima": "^4.0.0"
}
},
"kind-of": {
"version": "5.1.0",
"resolved": "https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz",
"integrity": "sha512-NGEErnH6F2vUuXDh+OlbcKW7/wOcfdRHaZ7VWtqCztfHri/++YKmP51OdWeGPuqCOba6kk2OTe5d02VmTB80Pw==",
"dev": true
}
},
//...
}
}
}
有人知道如何解决此漏洞吗?