Javascript 余烬如何更新NPM包清洁css
Javascript 余烬如何更新NPM包清洁css,javascript,npm,npm-install,clean-css,Javascript,Npm,Npm Install,Clean Css,NPM Audit显示clean css中存在一个低级漏洞,该漏洞在=4.1.11中修补 === npm audit security report === Manual Review Some vulnerabilities require your attention t
NPM Auditclean css=4.1.11 === npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Regular Expression Denial of Service
Package clean-css
Patched in >=4.1.11
Dependency of ember-cli [dev]
broccoli-clean-css > clean-css-promise > clean-css
More info https://npmjs.com/advisories/785
NPM list clean css+-- clean-css@4.2.3
`-- ember-cli@3.16.0
`-- ember-cli-preprocess-registry@3.3.0
`-- broccoli-clean-css@1.1.0
`-- clean-css-promise@0.1.1
`-- clean-css@3.4.28
npm审核修复程序npm-outlodesncu -u
npm update
npm install
npm update --save-dev clean-css-promise
npm update --save-dev broccoli-clean-css
npm update --save-dev clean-css-promise
npm install
ncu -u
npm update
npm install
npm update --save-dev clean-css-promise
npm update --save-dev broccoli-clean-css
npm update --save-dev clean-css-promise
npm install
ncu -u
npm update
npm install
npm update --save-dev clean-css-promise
npm update --save-dev broccoli-clean-css
npm update --save-dev clean-css-promise
npm install
所以你可能对此无能为力,你只能任由你的依赖关系摆布 您只能更新您控制的,在本例中是ember cli。如果您无法更新该版本,或者处于最新版本,那么您将一直等待其他软件包维护人员在其依赖项中修复它(如果他们需要这些软件包,ember cli将一直等待,依此类推)
同时,正如其中一条评论所建议的那样,请保持冷静。您需要等待相关软件包声明它们与之兼容。同时,忽略它——这只是一个漏洞,如果你在用户输入上使用干净的css,你可能不是。我明白了。我不确定是否有什么东西需要我去改变自己。我将等待将来的版本更新它们的依赖项。到目前为止,我还不能授予赏金——显然,我是想让它烤起来,以便给其他人一个参与的机会。