Rudraksh Laddha
Reputation: 11
I cannot fix vulnerabilities even with npm audit fix --force
# npm audit report
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/nodemon/node_modules/simple-update-notifier/node_modules/semver
simple-update-notifier 1.0.7 - 1.1.0
Depends on vulnerable versions of semver
node_modules/nodemon/node_modules/simple-update-notifier
nodemon 2.0.19 - 2.0.22
Depends on vulnerable versions of simple-update-notifier
node_modules/nodemon
3 moderate severity vulnerabilities
when I try to start installation of mern app, the vulnerabilities come up, and even it not solved by npm audit fix, even when I reinstall the simple-update-notifier, the error is not resolved, so please help me because in this types error is already wasted my 3 days
Upvotes: 1
Views: 107