stackoom
  简体   繁体   中英

How to fix the vulnerabilities in npm if I cannot upgrade the major version of dependency?

 原文  2022-03-04 05:59:01       javascript/ node.js/ security/ npm/ audit

Question

I have a high risk vulnerability from npm audit --production . This is dependency of snowflake-sdk. But I checked snowflake github it has "requestretry": "^6.0.0" in the package.json which mean it doesn't support requestretry 7.0.0. Is there any other way to fix this vulnerability? What if I upgrade requestretry to 7.0.0?

在此处输入图像描述

I am very new to npm and javascript, any help is appreciated!

1 answers

solution1
 0 ACCPTED  2022-03-07 06:43:39

I think snowflake just fixed the issue:

"requestretry": "^7.0.1",

https://github.com/snowflakedb/snowflake-connector-nodejs/blob/master/package.json

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to fix NPM high severity vulnerabilities? (Pollution) Fix vulnerabilities in NPM manually NPM peerDependencies how to specify major version range npm - how to upgrade transitive dependencies to a specific newer version? (inorder to fix cve) How to resolve NPM audit vulnerabilities? How to fix npm peer dependency issue? How to fix this npm install dependency issue? How to fix XSS vulnerabilities on javascript? How to fix these vulnerabilities by manual review? NPM dependency version marked as *
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM