'How to fix node.js vulnerabilities
Below are the vulnerabilities that I get:
-You can see that all vulnerabilities depend on node-fetch <=2.6.6 When I look upon how to fix it on GitHub it says that versions lower than 2.6.1 need to be updated. Yet my version is 2.6.6 and I'm still getting a vulnerability message. Are there any possible ways of fixing this? Another issue is that I can't seem to find it in package-lock.json folder either and I'm unable to update/change it manually. I've tried uninstalling the entire package-lock.json and reinstalling it, and I'm still stuck with this vulnerability message. Thanks to anyone who can help!
Severity: high
The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
No fix available
node_modules/isomorphic-fetch/node_modules/node-fetch
Depends on vulnerable versions of node-fetch
node_modules/isomorphic-fetch
fbjs 0.7.0 - 1.0.0
Depends on vulnerable versions of isomorphic-fetch
node_modules/fbjs
fbemitter 2.0.3 - 3.0.0-alpha.1
Depends on vulnerable versions of fbjs
node_modules/fbemitter
expo >=14.0.0
Depends on vulnerable versions of fbemitter
node_modules/expo
Depends on vulnerable versions of fbemitter
node_modules/expo-updates```
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|