Fix Security vulnerability from npm audit #52

Closed
sudip-mondal-2002 opened this issue Apr 27, 2022 · 6 comments · Fixed by #170
Labels: bug, dependencies, SEO


@sudip-mondal-2002
Member

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

  1. Go to root directory of the project
  2. Run 'npm audit'
  3. See error

Expected behavior
There should be 0 vulnerabilities

Additional context
npm audit fix won't help. It needs manual reviews

@sudip-mondal-2002 sudip-mondal-2002 added bug Something isn't working dependencies Pull requests that update a dependency file SEO Attention needed for the search engine optimization labels Apr 27, 2022
@its-ayush-07
Contributor

@sudip-mondal-2002 I am interested to work on this issue.

Screenshot (25)

After manually reviewing, I found that upgrading the npm version from "^6.14.16" to "^8.19.2" fixes 12 out of 13 vulnerabilities, as you can see in the above screenshot. Also, it is not a breaking change, as the application runs smoothly after the upgrade.

So, shall I open a PR with the above changes?

@sudip-mondal-2002
Member Author

After updating the npm version, have you checked if the project is running? I don't think so.

@its-ayush-07
Contributor

> After updating the npm version, have you checked if the project is running? I don't think so.

Yes, I ran the following in the root directory after updating the version:
```
npm run dev-install
npm start
```

and the project is running fine.

@sudip-mondal-2002
Member Author

Have you updated the npm version in all the folders? Root directory, api and app?

@its-ayush-07
Contributor

> Have you updated the npm version in all the folders? Root directory, api and app?

Screenshot (26)

Yes, I've updated it in all the folders and it works fine. Still, you can check it in your local system to verify.

@sudip-mondal-2002
Member Author

OK, please create a pull request.
