
javascript - glob-parent: Regular expression denial of service - Stack Overflow


I got my build broken because yarn audit says there is a vulnerability in my dependencies:

yarn audit
yarn audit v1.22.5
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ webpack-dev-server                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ webpack-dev-server > chokidar > glob-parent                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1751                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 819
Severity: 1 Moderate
Done in 0.67s.

Exited with code exit status 4
Asked Jun 8, 2021 at 21:09 by Dorian; edited Jun 8, 2021 at 22:57 by jonrsharpe

2 Answers


Maybe the best solution would be to upgrade webpack-dev-server to version 4. Chokidar was updated there. Also, as mentioned here, version 4 is RC now, and a stable release will be in the very near future. https://github.com/webpack/webpack-dev-server/issues/3407#issuecomment-884525530

In your package.json add:

  "resolutions": {
    "glob-parent": "5.1.2"
  }

and you can ignore the warning:

warning Resolution field "glob-parent@5.1.2" is incompatible with requested version "glob-parent@^3.1.0"
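
One way to confirm that the resolution took effect before re-running `yarn audit`, given as an added example that is not part of the original answers: it scans a Yarn v1 lockfile for entries of a package that still resolve below the "Patched in" version from the report. The lockfile excerpts and all function names are constructed for illustration.

```javascript
// Added example: find lockfile entries still resolving below the patched version.
// BEFORE/AFTER are constructed Yarn v1 lockfile excerpts, not real project files.
const BEFORE = `# yarn lockfile v1

chokidar@^2.1.8:
  version "2.1.8"
  dependencies:
    glob-parent "^3.1.0"

glob-parent@^3.1.0:
  version "3.1.0"
`;
// With the resolution applied, the old range is pinned to 5.1.2 (constructed).
const AFTER = BEFORE.replace(
  'glob-parent@^3.1.0:\n  version "3.1.0"',
  'glob-parent@5.1.2, glob-parent@^3.1.0:\n  version "5.1.2"'
);

// Compare plain x.y.z versions (assumption: no pre-release tags).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Collect { patterns, version } for every lockfile entry of package `name`.
// An entry header looks like `glob-parent@5.1.2, glob-parent@^3.1.0:`.
function lockedVersions(lockText, name) {
  const found = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      const patterns = line.slice(0, -1).split(',').map((p) => p.trim().replace(/^"|"$/g, ''));
      const hit = patterns.some((p) => p.slice(0, p.lastIndexOf('@')) === name);
      current = hit ? { patterns, version: null } : null;
      if (current) found.push(current);
    } else if (current) {
      const m = /^  version "([^"]+)"$/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return found;
}

// Entries that would still trip the audit for `name`.
function unpatched(lockText, name, patchedIn) {
  return lockedVersions(lockText, name).filter((e) => compareVersions(e.version, patchedIn) < 0);
}
console.log('before:', unpatched(BEFORE, 'glob-parent', '5.1.2').map((e) => e.version));
console.log('after: ', unpatched(AFTER, 'glob-parent', '5.1.2').map((e) => e.version));
```

An empty result for the real `yarn.lock` after `yarn install` means every `glob-parent` range in the tree now resolves to a patched release.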