parse-react

Depends on old version of react-native cli with vulnerabilities in transitive dependencies

Open markxnelson opened this issue 3 years ago • 0 comments

Hi,

I am trying to upgrade a project to React Native 0.69.1, which depends on cli 8.0.2, but I am stuck with cli 5.0.1, which has dependencies with vulnerabilities, since parse/react-native is pulling it in.

Could you please update the deps to a newer version with no vulnerabilities?

PS C:\Users\markx\AndroidStudioProjects\CloudBank\microservices-datadriven\cloudbank\cloudbank-react-native> npm list @react-native-community/cli
[email protected] C:\Users\markx\AndroidStudioProjects\CloudBank\microservices-datadriven\cloudbank\cloudbank-react-native
├─┬ @parse/[email protected]
│ └─┬ @react-native-async-storage/[email protected]
│   └─┬ [email protected]
│     └── @react-native-community/[email protected]
└─┬ [email protected] invalid: "^0.0.0-0 || 0.60 - 0.68 || 1000.0.0" from node_modules/@react-native-async-storage/async-storage
  └── @react-native-community/[email protected]

markxnelson, Jun 30 '22 16:06
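
An added example, not part of the original issue or the parse-react project's code: one way to flag every dependency path that still resolves `@react-native-community/cli` below a required version, for instance as a CI check. The tree is a constructed sample in the shape of `npm ls --all --json` output; `findOutdatedPaths`, `compareVersions` and the placeholder versions are assumptions.

```javascript
// Constructed sample in the shape of `npm ls --all --json` output. Only the CLI
// versions 5.0.1 and 8.0.2 and react-native 0.69.1 come from the issue text;
// "0.0.0-placeholder" marks versions the page does not show.
const P = "0.0.0-placeholder";
const cli = (version) => ({ "@react-native-community/cli": { version } });
const sampleTree = {
  name: "example-app",
  dependencies: {
    "@parse/react-native": { version: P, dependencies: {
      "@react-native-async-storage/async-storage": { version: P, dependencies: {
        "react-native": { version: P, dependencies: cli("5.0.1") },
      } },
    } },
    "react-native": { version: "0.69.1", dependencies: cli("8.0.2") },
  },
};

// Compare plain x.y.z versions numerically (pre-release tags are ignored).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Walk the tree and return every dependency path that resolves `target`
// to a version older than `minVersion`.
function findOutdatedPaths(node, target, minVersion, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, `${name}@${dep.version || "?"}`];
    if (name === target && dep.version && compareVersions(dep.version, minVersion) < 0) {
      hits.push(path.join(" > "));
    }
    hits.push(...findOutdatedPaths(dep, target, minVersion, path));
  }
  return hits;
}

// Each entry names the chain of packages that pins the old CLI.
const outdated = findOutdatedPaths(sampleTree, "@react-native-community/cli", "8.0.2");
console.log(outdated);
```

With real data, replace `sampleTree` with the parsed JSON from `npm ls --all --json` and fail the build when the returned list is non-empty.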