Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm audit fails on http-proxy #9017

Closed
sergeicodes opened this issue May 15, 2020 · 7 comments
Closed

npm audit fails on http-proxy #9017

sergeicodes opened this issue May 15, 2020 · 7 comments
Labels
issue: bug report needs triage stale

Comments

@sergeicodes
Copy link

Describe the bug

npm audit fails on http-proxy

Original issue: http-party/node-http-proxy#1446

Did you try recovering your dependencies?

Yes.

npm --version
6.14.5

Which terms did you search for in User Guide?

(Write your answer here if relevant.)

Environment

Environment Info:

  current version of create-react-app: 3.4.1
  running from /Users/sergeikriger/.npm/_npx/73840/lib/node_modules/create-react-app

  System:
    OS: macOS 10.15.3
    CPU: (8) x64 Intel(R) Core(TM) i7-8569U CPU @ 2.80GHz
  Binaries:
    Node: 12.11.1 - ~/.nvm/versions/node/v12.11.1/bin/node
    Yarn: 1.19.0 - /usr/local/bin/yarn
    npm: 6.14.5 - ~/.nvm/versions/node/v12.11.1/bin/npm
  Browsers:
    Chrome: 81.0.4044.138
    Firefox: 76.0.1
    Safari: 13.0.5
  npmPackages:
    react: 16.9.0 => 16.9.0 
    react-dom: 16.9.0 => 16.9.0 
    react-scripts: ^3.4.0 => 3.4.1 
  npmGlobalPackages:
    create-react-app: Not Found

Steps to reproduce

  1. npm audit

Expected behavior

Audit passes.

Actual behavior

Audit fails:

image

Reproducible demo

(Paste the link to an example project and exact instructions to reproduce the issue.)
@vikramdadwal
Copy link

image

@erwanriou
Copy link

+1 same issue here, blocking CI to deploy

@r2d2doomchit r2d2doomchit mentioned this issue May 15, 2020
Closed
@sergeicodes
Copy link
Author

Original issue is fixed and marked as unaffected.

http-party/node-http-proxy#1447 (comment)

@uxtx
Copy link

uxtx commented May 18, 2020

Looks like this version bump is slowly getting propagated up the dependency chain (webpack/webpack-dev-server#2616) - anyone have cycles to look at bumping it for CRA? I can try taking it on if no other takers.

@chimurai
Copy link

chimurai commented May 18, 2020
edited

http-proxy@1.18.1 is now whitelisted: https://www.npmjs.com/advisories/1486/versions

Think if you just refresh/update the lockfiles or reinstall the dependencies you should be able to get the latest http-proxy@1.18.1, without having to wait for webpack-dev-server.

Optionally, with yarn you could also add resolutions to your package.json: https://classic.yarnpkg.com/en/docs/selective-version-resolutions/#toc-how-to-use-it

@stale
Copy link

stale bot commented Jun 17, 2020

This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs.

@stale stale bot added the stale label Jun 17, 2020
@stale
Copy link

stale bot commented Jun 23, 2020

This issue has been automatically closed because it has not had any recent activity. If you have a question or comment, please open a new issue.

@stale stale bot closed this as completed Jun 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
issue: bug report needs triage stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@chimurai @uxtx @sergeicodes @vikramdadwal @erwanriou