
npm audit fix - downgrade this package version to 1.3.1

Open ashok-sl opened this issue 3 years ago • 4 comments

React Native Version - 0.64.0

@react-native-community/cli - 5.0.1-alpha.2
"react-native-snap-carousel": "^3.9.1",

When I hit npm audit I got the following response

# npm audit report

node-fetch  <=2.6.0 || 3.0.0-beta.1 - 3.0.0-beta.8
Denial of Service - https://npmjs.com/advisories/1556
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/isomorphic-fetch/node_modules/node-fetch
  isomorphic-fetch  2.0.0 - 2.2.1
  Depends on vulnerable versions of node-fetch
  node_modules/isomorphic-fetch
    fbjs  0.7.0 - 1.0.0
    Depends on vulnerable versions of isomorphic-fetch
    node_modules/react-addons-shallow-compare/node_modules/fbjs
      react-addons-shallow-compare  15.4.2 - 15.6.2 || >=16.0.0-alpha
      Depends on vulnerable versions of fbjs
      node_modules/react-addons-shallow-compare
        react-native-snap-carousel  >=1.4.0
        Depends on vulnerable versions of react-addons-shallow-compare
        node_modules/react-native-snap-carousel

5 low severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

I wonder why the npm audit asks me to downgrade the package version.

ashok-sl avatar Apr 06 '21 12:04 ashok-sl

I am also facing the same issue, any clue on how to fix this audit warning?

satheeshwaran avatar Aug 20 '21 07:08 satheeshwaran

Sorry, please allow me to advertise for my open source library! ~ I think this library, react-native-reanimated-carousel, will solve your problem. It is a high-performance and very simple component, complete with React Native Reanimated 2.

dohooo avatar Oct 08 '21 04:10 dohooo

I am also getting the same issue. Any help would be appreciated!

ankitch29 avatar Feb 28 '22 10:02 ankitch29

Facing the same issue, but instead the severity is HIGH in my npm audit report.

node-fetch  <=2.6.6
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
The size option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/isomorphic-fetch/node_modules/node-fetch
  isomorphic-fetch  2.0.0 - 2.2.1
  Depends on vulnerable versions of node-fetch
  node_modules/isomorphic-fetch
    fbjs  0.7.0 - 1.0.0
    Depends on vulnerable versions of isomorphic-fetch
    node_modules/fbjs
      react-addons-shallow-compare  15.4.2 - 15.6.2 || >=16.0.0-alpha
      Depends on vulnerable versions of fbjs
      node_modules/react-addons-shallow-compare
        react-native-snap-carousel  >=1.4.0
        Depends on vulnerable versions of react-addons-shallow-compare
        node_modules/react-native-snap-carousel

Looks like updating the dependency react-native-shallow-compare from 15.6.2 to 15.6.3 would fix it. Is it possible and could anyone help? Thanks!

marinne avatar Mar 18 '22 04:03 marinne
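To see why the audit proposes a downgrade rather than an upgrade, here is an added example (not from this thread or the react-native-snap-carousel project): a small Node script that walks the `via` chain of `npm audit --json` output from each direct dependency down to the root advisory and reports whether the only fix npm found is a semver-major change. The report shape (auditReportVersion 2) is assumed, and the sample is constructed to mirror the chain in the reports above, with `fixAvailable` set to the 1.3.1 downgrade named in the title.

```javascript
// Constructed sample shaped like `npm audit --json` (auditReportVersion 2, assumed),
// cut down to the chain in this thread. In `via`, objects are advisories and strings
// name the vulnerable dependency the package pulls in; `effects` points the other way.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "node-fetch": {
      name: "node-fetch", severity: "low", isDirect: false, effects: ["isomorphic-fetch"],
      via: [{ source: 1556, title: "Denial of Service",
              url: "https://npmjs.com/advisories/1556",
              range: "<=2.6.0 || 3.0.0-beta.1 - 3.0.0-beta.8" }],
    },
    "isomorphic-fetch": { name: "isomorphic-fetch", severity: "low", isDirect: false,
                          via: ["node-fetch"], effects: ["fbjs"] },
    "fbjs": { name: "fbjs", severity: "low", isDirect: false,
              via: ["isomorphic-fetch"], effects: ["react-addons-shallow-compare"] },
    "react-addons-shallow-compare": { name: "react-addons-shallow-compare", severity: "low",
      isDirect: false, via: ["fbjs"], effects: ["react-native-snap-carousel"] },
    "react-native-snap-carousel": { name: "react-native-snap-carousel", severity: "low",
      isDirect: true, via: ["react-addons-shallow-compare"], effects: [],
      // constructed: the breaking fix npm offers is a version that predates the subtree
      fixAvailable: { name: "react-native-snap-carousel", version: "1.3.1", isSemVerMajor: true } },
  },
};

// Follow `via` from a package down to the advisory objects at the root of the chain.
// Returns one {chain, advisory, range} per root advisory; chain.includes guards cycles.
function rootCausePaths(report, pkg, chain = [pkg]) {
  const entry = report.vulnerabilities[pkg];
  if (!entry) return [];
  const paths = [];
  for (const v of entry.via) {
    if (typeof v !== "string") paths.push({ chain, advisory: v.url, range: v.range });
    else if (!chain.includes(v)) paths.push(...rootCausePaths(report, v, [...chain, v]));
  }
  return paths;
}

// Summarise each direct dependency the audit blames: the full chain to the root
// advisory and whether the fix npm found is semver-major (what npm calls "breaking").
function triage(report) {
  return Object.values(report.vulnerabilities).filter((e) => e.isDirect).map((e) => {
    const paths = rootCausePaths(report, e.name);
    const fix = e.fixAvailable && typeof e.fixAvailable === "object" ? e.fixAvailable : null;
    return {
      dependency: e.name, severity: e.severity,
      chains: paths.map((p) => p.chain.join(" -> ")),
      advisories: paths.map((p) => p.advisory),
      breaking: fix !== null && fix.isSemVerMajor === true,
      proposedVersion: fix ? fix.version : null,
    };
  });
}
```

Against a real report, feed `JSON.parse` of the `npm audit --json` output to `triage`; a chain that ends at the direct dependency with `breaking: true` means every in-range version of that dependency still pulls in the vulnerable subtree, so the only fix npm can compute is a version outside the range.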