
I have a package.json (some private data removed) as follows:

{
  "dependencies": {
    "@fluentui/react": "^8.49.6",
    "@testing-library/react": "^12.1.2",
    "@testing-library/user-event": "^13.5.0",
    "@types/node": "^17.0.8",
    "@types/react": "^17.0.38",
    "@types/react-dom": "^17.0.11",
    "axios": "^0.24.0",
    "http-proxy-middleware": "^2.0.1",
    "prettier": "^2.5.1",
    "react": "^17.0.2",
    "react-scripts": "^5.0.1",
    "typescript": "^4.5.5",
    "web-vitals": "^2.1.3"
  },
  "scripts": {
    "start": "HTTPS=true react-scripts start",
    "build": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject",
    "lint": "eslint . --ext .tsx --ext .js"
  },
  "devDependencies": {
    "@types/content-disposition": "^0.5.4",
    "@typescript-eslint/eslint-plugin": "^4.0.0",
    "@typescript-eslint/parser": "^4.33.0",
    "eslint": "^7.32.0",
    "eslint-config-standard": "^16.0.3",
    "eslint-plugin-import": "^2.25.4",
    "eslint-plugin-node": "^11.1.0",
    "eslint-plugin-promise": "^5.2.0",
    "eslint-plugin-react": "^7.28.0"
  },
  "browserslist": {
    "production": [
      ">0.2%",
      "not dead",
      "not op_mini all"
    ],
    "development": [
      "last 1 chrome version",
      "last 1 firefox version",
      "last 1 safari version"
    ]
  }
}

Previously I had a 2.x.x version of react-scripts, which resulted in 28 vulnerabilities. I changed that to 5.0.1 to fix many of the issues that were reported. However, I am now stuck with the following output, and I am not sure how to read the hierarchy or how to go about fixing it, because running `npm audit fix --force` results in 69 vulnerabilities (the output below says it would install react-scripts@2.1.3, i.e. go back to the 2.x line).

fix available via `npm audit fix --force`
Will install react-scripts@2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          node_modules/react-scripts

Any help would be greatly appreciated.

alphadmon
