You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There always be an eventsoure version 1.1.1 reference in the packages-lock.json and this package will be download to node_modules nested folder of signalr package folder.
Manually install version 2.0.2 to my packages.json dependencies not solving the problem, please help upgrade packages or share the steps to mitigate on our side.
Which is causing the Governance alerting with below error:
Root dependencies for eventsource
@microsoft/signalr 6.0.5
@microsoft/signalr-protocol-msgpack 6.0.5
Recommendation
Upgrade to version eventsource - 2.0.2
If you are using NPM 6 or above, you can run npm audit fix on your local machine to fix vulnerabilities. For more info, please visit https://docs.npmjs.com/cli/audit
And here is the quick view of the packages-lock.json file generated:
"node_modules/@microsoft/signalr/node_modules/eventsource": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/eventsource/-/eventsource-1.1.1.tgz",
"integrity": "sha512-qV5ZC0h7jYIAOhArFJgSfdyz6rALJyb270714o7ZtNnw2WSJ+eexhKtE0O8LYPRsHZHf2osHKZBxGPvm3kPkCA==",
"dependencies": {
"original": "^1.0.0"
},
"engines": {
"node": ">=0.12.0"
}
},
Expected Behavior
No response
Steps To Reproduce
No response
Exceptions (if any)
No response
.NET Version
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered:
Is there an existing issue for this?
Describe the bug
There always be an eventsoure version 1.1.1 reference in the packages-lock.json and this package will be download to node_modules nested folder of signalr package folder.
Manually install version 2.0.2 to my packages.json dependencies not solving the problem, please help upgrade packages or share the steps to mitigate on our side.
Which is causing the Governance alerting with below error:
Root dependencies for eventsource
@microsoft/signalr 6.0.5
@microsoft/signalr-protocol-msgpack 6.0.5
Recommendation
Upgrade to version eventsource - 2.0.2
If you are using NPM 6 or above, you can run npm audit fix on your local machine to fix vulnerabilities. For more info, please visit https://docs.npmjs.com/cli/audit
And here is the quick view of the packages-lock.json file generated:
"node_modules/@microsoft/signalr/node_modules/eventsource": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/eventsource/-/eventsource-1.1.1.tgz",
"integrity": "sha512-qV5ZC0h7jYIAOhArFJgSfdyz6rALJyb270714o7ZtNnw2WSJ+eexhKtE0O8LYPRsHZHf2osHKZBxGPvm3kPkCA==",
"dependencies": {
"original": "^1.0.0"
},
"engines": {
"node": ">=0.12.0"
}
},
Expected Behavior
No response
Steps To Reproduce
No response
Exceptions (if any)
No response
.NET Version
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered: