1

I have lost 1 day in order to try to fix manually fews high vulnerabilities. It was a waste of time.

I've read many post, blog and suggestion but I was unable to fix the problem.

Basically /css-what require an update to version 5.0.1 and the npm audit is telling that

│ Dependency of │ gulp-imagemin [dev]  
                                    
│ Path          │ gulp-imagemin > imagemin-svgo > svgo > css-select > 
                | css-what

I've run (on gulp-imagemin) the command npm update, then navigate to the next folder (imagemin-svgo) and again npm update etc etc. When I arrive to the css-what root, I run again npm update but it doesn't do anything;

Then I modified my package.json according

"resolutions": {
"trim-newlines": "^4.0.1",
"css-what": "^5.0.1",
"scripts": {
  "preinstall": "npx npm-force-resolutions"
}

}

I went back to the main root to run npm i but it doesn't amended all branches; Besides when I run npm ls css-what or npm ls trim-newlines I can see that the new version has been installed on the node_modules but older version still unchanged on the tree

root/tree

I was following https://hackernoon.com/how-fix-security-vulnerabilities-in-npm-dependencies-in-3-minutes-rq9g3y7u post but it doesn't worked for some reason, most probably my inexperience.

Thanks for your help

Improve this question

2 Answers 2

Reset to default
0

To fix vulnerability you can try :

npm audit -fix

To update you can also use npm-check-updates

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Hi, npm audit fix did not fixed anything, i forgot to add it to my post. Thanks
try install npm-check-updates and type ncu -u gulp-imagemin and finish with npm i.
Or if you want to update all packages you type ncu -u
After this command you type npm i. try this to see.
Hi Sega, thanks for yours suggestion. I've ran all commands on all the tree. Referencing to the image, I've tried on gulp-sass folder, on meow's folder and on the same trim-newlines. It looks that all dependencies are up to date but when I go to the main folder and run npm ls trim-newlines, the version still the old one...
0

npm update css-what worked for me

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.