I'm totally lost. I run a static site using GitHub and Netlify, and I got an email from GitHub today saying:

Known moderate severity security vulnerability detected in bootstrap >= 4.0.0, < 4.3.1 defined in package-lock.json. package-lock.json update suggested: bootstrap ~> 4.3.1.

I looked into my package-lock.json and found these lines:

    "bootstrap": {
        "version": "4.2.1",
        "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-4.2.1.tgz",
        "integrity": "blah-blah-blah-random-char"

I assume I should change my Bootstrap version to the latest one, but I can't find the "integrity". I will appreciate any help or clue.

Rizki Aprita

2 Answers

package-lock.json is an auto-generated file. You need to edit just package.json and not touch anything in package-lock.json.

package.json

...
"dependencies": {
  "bootstrap": "^4.3.1",
...

...

and run npm install.

zmag

Your package-lock.json is auto-generated by npm, so you need to edit the package.json file only. Don't touch package-lock.json!

  ...
    "dependencies": {
      "bootstrap": "^4.3.1",
    ...

And then you just run npm install.

KushKim
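Where the "integrity" value in the question comes from, as an added example that is not part of either answer: it is an SRI string (hash algorithm plus the base64 digest of the package tarball), which is why it has to be regenerated by npm rather than typed in. The helper names (`sriIntegrity`, `inAlertRange`, `checkEntry`) are hypothetical and the tarball bytes are constructed stand-ins, not real Bootstrap releases.

```javascript
// Added example: how the lockfile "integrity" value is derived and checked.
const { createHash } = require("crypto");

// npm stores integrity as an SRI string: "<algo>-<base64 digest of the tarball>".
function sriIntegrity(tarballBytes, algo = "sha512") {
  return `${algo}-${createHash(algo).update(tarballBytes).digest("base64")}`;
}

// Numeric compare of plain x.y.z versions (pre-release tags are not handled).
function cmp(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// Range from the alert quoted in the question: >= 4.0.0, < 4.3.1.
const inAlertRange = (v) => cmp(v, "4.0.0") >= 0 && cmp(v, "4.3.1") < 0;

// Check one lockfile entry against the alert range and against the tarball
// bytes that its "resolved" URL would deliver.
function checkEntry(name, entry, tarballBytes) {
  const algo = entry.integrity.split("-")[0];
  return {
    name,
    version: entry.version,
    flagged: inAlertRange(entry.version),
    integrityOk: sriIntegrity(tarballBytes, algo) === entry.integrity,
  };
}

// Constructed sample data: stand-in bytes, not real Bootstrap tarballs.
const oldTgz = Buffer.from("constructed stand-in for bootstrap-4.2.1.tgz");
const newTgz = Buffer.from("constructed stand-in for bootstrap-4.3.1.tgz");
const lockBefore = { version: "4.2.1", integrity: sriIntegrity(oldTgz) };
const lockAfter = { version: "4.3.1", integrity: sriIntegrity(newTgz) };

console.log(checkEntry("bootstrap", lockBefore, oldTgz)); // flagged, hash matches
// Hand-editing only "version" keeps the old hash, which cannot match the new tarball.
const handEdited = { ...lockBefore, version: "4.3.1" };
console.log(checkEntry("bootstrap", handEdited, newTgz)); // not flagged, hash mismatch
console.log(checkEntry("bootstrap", lockAfter, newTgz)); // regenerated entry: clean
```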