"Found 9 high severity vulnerabilities" #21996
Comments
Could you share the full alert? It'll be helpful for us to debug.
Not necessarily. These bugs tend to range from various attack vectors, and it could simply be a devDependency (which wouldn't make its way into production code). This being said, it is probably a good idea to try and get them fixed, so thanks for opening this!
This may be the root of the problem. What do you mean "would not install," exactly?
Thank you for the reply! Here's what I get when I try to load the gatsby-source-filesystem in my project folder
and when I run npm audit fix:
and then when I would try to enter the plugin into my .config, node modules would not be able to locate the files. In the case of the laptop, I actually haven't tried loading it into the config yet. I just wanted to be sure before I went ahead and used anything with severe vulnerabilities. Still new to this.
Again, thank you for the reply.
A bit more info: all 9 audit errors are produced by the same upstream dependency
We depend on it indirectly - via 9 sharp dependencies. I guess we can only wait until the fix for this is released and upgrade deps after that.
But this is a duplicate of #21791. So I am going to close this one. Let's keep the discussion around it in one place.
@jordanlesich
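The two triage questions raised in this thread (is a finding dev-only, and do several findings trace back to one upstream module) can be answered from the audit report itself. The following is an added example, not code from the Gatsby project or from anyone in this thread; it assumes the npm 6 `npm audit --json` report layout, and the module names and dependency paths in `SAMPLE` are constructed placeholders.

```javascript
// Added example: collapse an npm 6 `npm audit --json` report into one row
// per vulnerable module. SAMPLE is constructed; "example-upstream-pkg",
// "example-test-tool" and every path below are placeholders.
const SAMPLE = {
  advisories: {
    "1": {
      module_name: "example-upstream-pkg",
      severity: "high",
      findings: [
        { version: "1.0.0", dev: false,
          paths: ["gatsby-plugin-sharp>sharp>a>example-upstream-pkg",
                  "gatsby-plugin-sharp>sharp>b>example-upstream-pkg"] },
        { version: "1.0.1", dev: false,
          paths: ["gatsby-transformer-sharp>sharp>c>example-upstream-pkg"] },
      ],
    },
    "2": {
      module_name: "example-test-tool",
      severity: "high",
      findings: [{ version: "2.0.0", dev: true, paths: ["example-test-tool"] }],
    },
  },
};

function triageAudit(report) {
  const byModule = new Map();
  for (const adv of Object.values(report.advisories || {})) {
    // Severity shown is that of the first advisory seen for the module.
    const row = byModule.get(adv.module_name) ||
      { module: adv.module_name, severity: adv.severity, paths: 0,
        devOnly: true, direct: new Set() };
    for (const f of adv.findings || []) {
      // npm reports one entry per dependency path, which inflates the count.
      row.paths += f.paths.length;
      // A single non-dev finding means the module reaches production installs.
      if (!f.dev) row.devOnly = false;
      // The first path segment is the package.json entry that pulls it in.
      for (const p of f.paths) row.direct.add(p.split(">")[0]);
    }
    byModule.set(adv.module_name, row);
  }
  return [...byModule.values()].map(r => ({ ...r, direct: [...r.direct].sort() }));
}

console.log(JSON.stringify(triageAudit(SAMPLE), null, 2));
```

To run it on a real project, replace `SAMPLE` with the parsed output of `npm audit --json`.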
BUG:
Command prompt discovers high severity vulnerabilities when installing plugins.
I am running Windows OS 18362.592. Gatsby CLI was npm installed today. Node is version 12.14.1
I am receiving this alert when I install a plugin. The plugin was the gatsby-source-filesystem, but it doesn't really matter because I tested it out with different plugins and received the same alerts.
I ran npm audit and received this:
I'm new to Gatsby. I'm assuming that a 'high severity vulnerability' probably means I should wait for this to be fixed before putting together a project, right?
Also, my desktop simply would not install any Gatsby plugin. There isn't much in the way of shared software on either machine. Both machines have no problem running other Node apps, React, or CRA. This could be the same problem, but I'm not sure at all.