
How to fix these vulnerabilities by manual review?

I did npm audit and npm audit fix.

But some vulnerabilities need manual review.

So, how to upgrade these packages manually? These packages need manual upgrade.

The audit command will install semver-major updates when the --force flag is used. This is not default behavior because it may introduce breaking changes in updated dependencies.

npm audit fix --force

Alternatively, you can manually update a specific dependency with an install command.

npm install uglifyjs-webpack-plugin@latest --save-dev 

In this particular case, uglifyjs-webpack-plugin is deprecated and suggests terser-webpack-plugin as an alternative. You may want to use that package instead.

npm uninstall uglifyjs-webpack-plugin --save-dev
npm install terser-webpack-plugin --save-dev
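
Added example (not part of the original answer): a small Node.js triage of the JSON report from `npm audit --json` (npm 7+ report shape), sorting findings into those plain `npm audit fix` resolves, those that need `--force`, and those with no fix that call for a manual replacement such as the swap above. The `triage` function and every package name and version in `sampleReport` are constructed placeholders.

```javascript
// Added example: triage an `npm audit --json` report (npm 7+ shape).
// Package names and versions in sampleReport are constructed placeholders.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-minifier-plugin": {
      severity: "high", isDirect: true,
      fixAvailable: { name: "example-minifier-plugin", version: "2.0.0", isSemVerMajor: true },
    },
    "example-serializer": {
      severity: "high", isDirect: false,
      fixAvailable: { name: "example-minifier-plugin", version: "2.0.0", isSemVerMajor: true },
    },
    "example-glob-lib": { severity: "moderate", isDirect: false, fixAvailable: true },
    "example-abandoned-lib": { severity: "critical", isDirect: false, fixAvailable: false },
  },
};

const SEVERITY_RANK = { critical: 0, high: 1, moderate: 2, low: 3, info: 4 };

function triage(report) {
  const buckets = { auditFix: [], needsForce: [], manualReview: [] };
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const entry = { name, severity: vuln.severity, direct: Boolean(vuln.isDirect) };
    const fix = vuln.fixAvailable;
    if (fix === true) {
      // An in-range update exists: plain `npm audit fix` handles it.
      buckets.auditFix.push(entry);
    } else if (fix && typeof fix === "object") {
      // The fix means installing a top-level package outside its declared
      // range, so npm only applies it with `npm audit fix --force`.
      entry.install = `${fix.name}@${fix.version}`;
      entry.breaking = Boolean(fix.isSemVerMajor);
      buckets.needsForce.push(entry);
    } else {
      // No fixed version is published: replace or remove the dependency by hand.
      buckets.manualReview.push(entry);
    }
  }
  // Most severe findings first within each bucket.
  const bySeverity = (a, b) => (SEVERITY_RANK[a.severity] ?? 9) - (SEVERITY_RANK[b.severity] ?? 9);
  Object.values(buckets).forEach((list) => list.sort(bySeverity));
  return buckets;
}

console.log(JSON.stringify(triage(sampleReport), null, 2));
```

To run it on a real project, pass the parsed output of `npm audit --json` to `triage` in place of `sampleReport`.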
