无法升级依赖大版本如何修复npm中的漏洞?
[英]How to fix the vulnerabilities in npm if I cannot upgrade the major version of dependency?
问题描述
I have a high risk vulnerability from npm audit --production .
我有一个来自npm audit --production的高风险漏洞。 This is dependency of snowflake-sdk.这是 snowflake-sdk 的依赖。 But I checked snowflake github it has "requestretry": "^6.0.0" in the package.json which mean it doesn't support requestretry 7.0.0.但是我检查了snowflake github它在 package.json 中有"requestretry": "^6.0.0"这意味着它不支持 requestretry 7.0.0。 Is there any other way to fix this vulnerability?有没有其他方法可以修复这个漏洞? What if I upgrade requestretry to 7.0.0?如果我将 requestretry 升级到 7.0.0 会怎样?
I am very new to npm and javascript, any help is appreciated!我是 npm 和 javascript 的新手,非常感谢您的帮助!
1 个解决方案
解决方案1
0 已采纳 2022-03-07 06:43:39
I think snowflake just fixed the issue:我认为雪花刚刚解决了这个问题:
"requestretry": "^7.0.1",
https://github.com/snowflakedb/snowflake-connector-nodejs/blob/master/package.json https://github.com/snowflakedb/snowflake-connector-nodejs/blob/master/package.json
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.