I want to use react-highcharts in my application. I ran npm install react-highcharts, which succeeded, but it gave a warning:
found 1 high severity vulnerability, run `npm audit fix` to fix them, or `npm audit` for details.
npm audit fix did nothing; it said I had to fix this manually. I ran npm audit to see what was going on, and got
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ highcharts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=7.2.2 <8.0.0 || >=8.1.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-highcharts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-highcharts > highcharts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1227 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 994 scanned packages
1 vulnerability requires manual review. See the full report for details.
The "More info" link and the "Patched in" row show that this issue was fixed in highcharts >=8.1.1. The latest version is highcharts@9.0.0, so I decided to update it:
❯ npm update highcharts -dd
npm info it worked if it ends with ok
npm verb cli [
npm verb cli '/usr/local/bin/node',
npm verb cli '/usr/local/bin/npm',
npm verb cli 'update',
npm verb cli 'highcharts',
npm verb cli '-dd'
npm verb cli ]
npm info using npm@6.14.10
npm info using node@v14.15.4
npm verb npm-session 0b92b8dc64938cea
npm verb update computing outdated modules to update
npm verb exit [ 0, true ]
npm timing npm Completed in 1507ms
npm info ok
"It worked if it ends with ok", but look:
❯ npm list highcharts
myproj@1.0.0 /Users/actinidia/myproj
└─┬ react-highcharts@16.1.0
  └── highcharts@6.2.0
I still have highcharts@6.2.0! Running npm install highcharts just results in a second copy of highcharts, although the new one is indeed version 9.0.0:
├── highcharts@9.0.0
└─┬ react-highcharts@16.1.0
  └── highcharts@6.2.0
How do I update the dependency that react-highcharts will use?
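Added example, not part of the original post: a Node.js check that lists every installed copy of a package from an `npm ls --json` style tree and tests each against the "Patched in" range from the audit report, showing that the nested 6.2.0 copy stays flagged even with 9.0.0 at the top level. The sample tree is constructed from the output above, the function names are hypothetical, and the range matcher handles only plain x.y.z comparators, not full semver syntax.

```javascript
// Constructed sample: shape of `npm ls --json` output for the tree in the question.
const sampleTree = {
  name: "myproj", version: "1.0.0",
  dependencies: {
    highcharts: { version: "9.0.0" },
    "react-highcharts": {
      version: "16.1.0",
      dependencies: { highcharts: { version: "6.2.0" } },
    },
  },
};

// "Patched in" range copied from the audit report.
const PATCHED = ">=7.2.2 <8.0.0 || >=8.1.1";

// Compare two plain x.y.z versions (no pre-release tags): negative, 0 or positive.
function cmp(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Minimal range check: "||" separates alternatives, spaces AND comparators together.
function satisfies(version, range) {
  const ops = { ">=": c => c >= 0, ">": c => c > 0, "<=": c => c <= 0, "<": c => c < 0, "=": c => c === 0 };
  return range.split("||").some(set =>
    set.trim().split(/\s+/).every(tok => {
      const m = /^(>=|<=|>|<|=)?(\d+\.\d+\.\d+)$/.exec(tok);
      if (!m) throw new Error(`unsupported comparator: ${tok}`);
      return ops[m[1] || "="](cmp(version, m[2]));
    }));
}

// Walk the tree and list every installed copy of `pkg` with its dependency path.
function findCopies(node, pkg, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    if (name === pkg) {
      hits.push({ path: here.join(" > "), version: dep.version, patched: satisfies(dep.version, PATCHED) });
    }
    hits.push(...findCopies(dep, pkg, here));
  }
  return hits;
}

console.table(findCopies(sampleTree, "highcharts"));
```

To run it against a real project, replace `sampleTree` with the parsed output of `npm ls --json`.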
3 Answers
amrnrhlw1#
You should uninstall highcharts first, then reinstall it.
m3eecexj2#
I followed ppotaczek's advice and installed the officially supported wrapper for Highcharts.
uplii1fm3#
Delete the installed node_modules and package-lock.json.
Modify package.json as follows