
Impossible to update braces to ^3.0.3

Open quasiDigi opened this issue 1 year ago • 0 comments

Describe the bug

On my local machine

After running npm audit and npm audit fix I get the warning:

1 high severity vulnerability

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
quasi@quasiBlip astro-ananda % npm audit
# npm audit report

braces  <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix`
node_modules/netlify-cli/node_modules/braces

1 high severity vulnerability

To address all issues, run:
  npm audit fix

When checking the braces package in node_modules/netlify-cli/node_modules/, I see its version is 3.0.2

On GitHub

Also trying to solve the issue through Dependabot throws an error:

 Dependabot encountered an unknown error

Steps to reproduce

  1. In the Netlify UI, I've created an Astro site with the astro-netlify-platform-starter
  2. Installed the netlify-cli on my local machine by running npm install netlify-cli --save-dev
  3. Linked my local project to the Astro site on Netlify, to an empty repo on GitHub, and linked the Netlify site to the repo.
  4. Updated my local installation through npm update
  5. I get the above-mentioned error.

Configuration

[[redirects]]
  from = "/es/*"
  to = "/es/404.html"
  status = 404

[[redirects]]
  from = "/*"
  to = "/404.html"
  status = 404

Environment

Had to use npx node_modules/netlify-cli/node_modules/envinfo --system --binaries --npmPackages netlify-cli --npmGlobalPackages netlify-cli

  System:
    OS: macOS 14.5
    CPU: (12) x64 Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz
    Memory: 809.07 MB / 32.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 21.5.0 - /usr/local/bin/node
    Yarn: 1.22.22 - /usr/local/bin/yarn
    npm: 10.2.4 - /usr/local/bin/npm
    pnpm: 9.0.6 - /usr/local/bin/pnpm
  npmPackages:
    netlify-cli: ^17.29.0 => 17.30.0 

Here's the content of the package.json:

{
  "name": "astro-netlify-platform-starter",
  "type": "module",
  "version": "0.1.0",
  "scripts": {
    "dev": "astro dev",
    "start": "astro dev",
    "build": "astro build",
    "preview": "astro preview",
    "astro": "astro"
  },
  "dependencies": {
    "@astrojs/netlify": "^5.2.0",
    "@astrojs/partytown": "^2.1.1",
    "@astrojs/react": "^3.3.0",
    "@astrojs/sitemap": "^3.1.6",
    "@astrojs/tailwind": "^5.1.0",
    "@fontsource-variable/montserrat": "^5.0.19",
    "@fontsource/inter": "^5.0.18",
    "@netlify/blobs": "^7.3.0",
    "@netlify/functions": "^2.8.0",
    "@types/react": "^18.2.79",
    "@types/react-dom": "^18.2.25",
    "aos": "^2.3.4",
    "astro": "^4.6.2",
    "astro-favicons": "^2.0.2",
    "blobshape": "^1.0.0",
    "marked": "^13.0.0",
    "marked-shiki": "^1.1.0",
    "netlify-cli": "^17.29.0",
    "node-html-parser": "^6.1.13",
    "react": "^18.2.0",
    "react-dom": "^18.2.0",
    "sass": "^1.77.6",
    "swiper": "^11.1.4",
    "tailwindcss": "^3.4.3",
    "unique-names-generator": "^4.7.1"
  },
  "devDependencies": {
    "@types/blobshape": "^1.0.3",
    "@types/node": "^20.12.7",
    "daisyui": "^4.10.2"
  }
}

quasiDigi, Jun 29 '24 18:06
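
An added example, not part of the original issue and not netlify-cli's own code: a Node.js script that walks the `packages` map of a package-lock.json and lists every installed copy of braces below 3.0.3 together with the packages it is nested under, which is the situation the audit output above reports. The lockfile contents, the `@scope/tool` entry and all function names are constructed for illustration.

```javascript
// Locate every installed copy of a package in a package-lock.json
// (lockfileVersion 2/3 "packages" map) and flag copies below a fixed version.

// Constructed sample lockfile, modelled on the install path reported in the
// issue. "@scope/tool" is a hypothetical package used to show scoped names.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "astro-netlify-platform-starter", version: "0.1.0" },
    "node_modules/braces": { version: "3.0.3" },
    "node_modules/netlify-cli": { version: "17.30.0" },
    "node_modules/netlify-cli/node_modules/braces": { version: "3.0.2" },
    "node_modules/netlify-cli/node_modules/@scope/tool/node_modules/braces": { version: "2.3.2" },
  },
};

// Compare plain x.y.z versions numerically; prerelease/build tags are ignored.
function isBelow(version, floor) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map(Number);
  const a = parse(version);
  const b = parse(floor);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// "node_modules/a/node_modules/b" -> ["a", "b"]; the root entry "" -> []
function nestingChain(installPath) {
  return installPath.split("node_modules/").slice(1).map((s) => s.replace(/\/$/, ""));
}

// Return each copy of `name` older than `fixedIn`, with the chain of
// packages whose node_modules directory contains it.
function findVulnerableCopies(lock, name, fixedIn) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const chain = nestingChain(path);
    if (chain[chain.length - 1] !== name || !meta.version) continue;
    if (isBelow(meta.version, fixedIn)) {
      hits.push({ path, version: meta.version, nestedUnder: chain.slice(0, -1) });
    }
  }
  return hits;
}

console.log(findVulnerableCopies(sampleLock, "braces", "3.0.3"));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's package-lock.json.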