It seems that version 12.0.1 is showing a lot of warnings and some high severity vulnerabilities #30403
Comments
Seems to be caused by the new dependency on |
I have the same issue on node version 16.13.0
Also confirmed I'm having the same issue on 12.0.1, will hold off on 12.0.1 until this is resolved. Thought it was due to other packages but yeah it definitely seems to be due to the dependency on |
Same here.
Similar issue: #30481
same here
# npm audit report
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix`
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of braces
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of readdirp
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/webpack/node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of watchpack
node_modules/webpack
set-value <4.0.1
Severity: high
Prototype Pollution in set-value - https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
fix available via `npm audit fix`
node_modules/set-value
cache-base >=0.7.0
Depends on vulnerable versions of set-value
Depends on vulnerable versions of union-value
node_modules/cache-base
base >=0.7.0
Depends on vulnerable versions of cache-base
node_modules/base
snapdragon 0.6.0 - 0.10.1
Depends on vulnerable versions of base
node_modules/snapdragon
braces 2.0.0 - 2.3.2
Depends on vulnerable versions of snapdragon
node_modules/micromatch/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of braces
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of readdirp
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/webpack/node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of watchpack
node_modules/webpack
expand-brackets 1.0.0 - 2.1.4
Depends on vulnerable versions of snapdragon
node_modules/expand-brackets
extglob 1.0.0 - 2.0.4
Depends on vulnerable versions of snapdragon
node_modules/extglob
micromatch 3.0.0 - 3.1.10
Depends on vulnerable versions of snapdragon
node_modules/micromatch
anymatch 2.0.0
Depends on vulnerable versions of micromatch
node_modules/watchpack-chokidar2/node_modules/anymatch
readdirp 2.2.0 - 2.2.1
Depends on vulnerable versions of micromatch
node_modules/watchpack-chokidar2/node_modules/readdirp
nanomatch >=0.1.1
Depends on vulnerable versions of snapdragon
node_modules/nanomatch
union-value *
Depends on vulnerable versions of set-value
node_modules/union-value
17 high severity vulnerabilities
To address all issues, run:
npm audit fix
PS C:\Web Dev\next> npm audit fix
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: react-server-dom-webpack@0.0.0-experimental-3c4c1c470-20211021
npm WARN Found: react@17.0.2
npm WARN node_modules/react
npm WARN react@"17.0.2" from the root project
npm WARN 5 more (@next/react-dev-overlay, next, react-dom, styled-jsx, use-subscription)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer react@"0.0.0-experimental-3c4c1c470-20211021" from react-server-dom-webpack@0.0.0-experimental-3c4c1c470-20211021
npm WARN node_modules/react-server-dom-webpack
npm WARN react-server-dom-webpack@"0.0.0-experimental-3c4c1c470-20211021" from next@12.0.1
npm WARN node_modules/next
npm WARN
npm WARN Conflicting peer dependency: react@0.0.0-experimental-3c4c1c470-20211021
npm WARN node_modules/react
npm WARN peer react@"0.0.0-experimental-3c4c1c470-20211021" from react-server-dom-webpack@0.0.0-experimental-3c4c1c470-20211021
npm WARN node_modules/react-server-dom-webpack
npm WARN react-server-dom-webpack@"0.0.0-experimental-3c4c1c470-20211021" from next@12.0.1
npm WARN node_modules/next
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: react-server-dom-webpack@0.0.0-experimental-3c4c1c470-20211021
npm WARN Found: react-dom@17.0.2
npm WARN node_modules/react-dom
npm WARN react-dom@"17.0.2" from the root project
npm WARN 2 more (@next/react-dev-overlay, next)
npm WARN
npm WARN Could not resolve dependency:
npm WARN peer react-dom@"0.0.0-experimental-3c4c1c470-20211021" from react-server-dom-webpack@0.0.0-experimental-3c4c1c470-20211021
npm WARN node_modules/react-server-dom-webpack
npm WARN react-server-dom-webpack@"0.0.0-experimental-3c4c1c470-20211021" from next@12.0.1
npm WARN node_modules/next
npm WARN
npm WARN Conflicting peer dependency: react-dom@0.0.0-experimental-3c4c1c470-20211021
npm WARN node_modules/react-dom
npm WARN peer react-dom@"0.0.0-experimental-3c4c1c470-20211021" from react-server-dom-webpack@0.0.0-experimental-3c4c1c470-20211021
npm WARN node_modules/react-server-dom-webpack
npm WARN react-server-dom-webpack@"0.0.0-experimental-3c4c1c470-20211021" from next@12.0.1
npm WARN node_modules/next
up to date, audited 785 packages in 4s
86 packages are looking for funding
run `npm fund` for details
# npm audit report
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix`
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of braces
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of readdirp
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/webpack/node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of micromatch
Depends on vulnerable versions of watchpack
node_modules/webpack
set-value <4.0.1
Severity: high
Prototype Pollution in set-value - https://github.com/advisories/GHSA-4jqc-8m5r-9rpr
fix available via `npm audit fix`
node_modules/set-value
cache-base >=0.7.0
Depends on vulnerable versions of set-value
Depends on vulnerable versions of union-value
node_modules/cache-base
base >=0.7.0
Depends on vulnerable versions of cache-base
node_modules/base
snapdragon 0.6.0 - 0.10.1
Depends on vulnerable versions of base
node_modules/snapdragon
braces 2.0.0 - 2.3.2
Depends on vulnerable versions of snapdragon
node_modules/micromatch/node_modules/braces
node_modules/watchpack-chokidar2/node_modules/braces
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of braces
Depends on vulnerable versions of glob-parent
Depends on vulnerable versions of readdirp
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
nanomatch >=0.1.1
Depends on vulnerable versions of snapdragon
node_modules/nanomatch
union-value *
Depends on vulnerable versions of set-value
node_modules/union-value
17 high severity vulnerabilities
To address all issues, run:
npm audit fix
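
Added example (not part of the thread or of the Next.js code base): a small Node.js parser for the flattened `npm audit` text quoted in the comment above, which follows the "Depends on vulnerable versions of" lines from a flagged package up to the package that pulls it in. `parseAuditReport` and `chainsToRoots` are names chosen here, and `SAMPLE` is an excerpt of the report above.

```javascript
// Added example. SAMPLE: the glob-parent advisory from the report above, flattened as on this page.
const SAMPLE = `
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/webpack/node_modules/watchpack
webpack 4.0.0-alpha.0 - 5.0.0-rc.6
Depends on vulnerable versions of watchpack
node_modules/webpack
`;
// Parse into name -> { range, dependsOn, paths }; repeated headers are merged.
function parseAuditReport(text) {
  const pkgs = new Map();
  let cur = null, m;
  for (const line of text.split("\n").map((l) => l.trim())) {
    if ((m = line.match(/^Depends on vulnerable versions of (\S+)$/))) {
      if (cur) cur.dependsOn.add(m[1]);
    } else if (line.startsWith("node_modules/")) {
      if (cur) cur.paths.add(line);
    } else if ((m = line.match(/^(\S+)\s+([<>=*\d].*)$/))) { // "<name> <affected range>"
      if (!pkgs.has(m[1]))
        pkgs.set(m[1], { range: m[2], dependsOn: new Set(), paths: new Set() });
      cur = pkgs.get(m[1]);
    } // anything else (severity, advisory title, summary lines) is ignored
  }
  return pkgs;
}
// Follow "Depends on" edges upward until no other reported package depends on the tip.
function chainsToRoots(pkgs, start) {
  const chains = [];
  const walk = (name, trail) => {
    const parents = [...pkgs.keys()].filter(
      (n) => pkgs.get(n).dependsOn.has(name) && !trail.includes(n)); // skip cycles
    if (parents.length === 0) chains.push(trail);
    for (const p of parents) walk(p, [...trail, p]);
  };
  walk(start, [start]);
  return chains;
}
console.log(chainsToRoots(parseAuditReport(SAMPLE), "glob-parent"));
```

For the excerpt, the single chain runs glob-parent, chokidar, watchpack-chokidar2, watchpack, webpack, so the flagged `glob-parent` copy is reached through the webpack range installed at `node_modules/webpack`.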
Fixed on #30505.
Fixed on #30505 indeed 👍
Skipping 12.0.1 because of conflicting dependencies: vercel/next.js#30403
This issue has been automatically locked due to no recent activity. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.
What version of Next.js are you using?
12.0.1
What version of Node.js are you using?
16.11.1
What browser are you using?
Chrome
What operating system are you using?
macOS
How are you deploying your application?
next start, next export
Describe the Bug
Hi guys, it seems that version 12.0.1 is showing a lot of warnings, as you can see here, and 17 high severity vulnerabilities
Expected Behavior
Same as 12.0.0
To Reproduce
12.0.0