I want to deploy my app But there are 3 vulnerabilities I didn't understand how to slove them. i used npm audit fix also I sloved some vulnerabilities with manual updating them.so this is th manual review someone help me :
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Moderate Regular Expression Denial of Service
Package browserslist
Patched in >=4.16.5
Dependency of react-scripts
Path react-scripts > react-dev-utils > browserslist
More info https://npmjs.com/advisories/1747
Moderate Regular expression denial of service
Package glob-parent
Patched in >=5.1.2
Dependency of react-scripts
Path react-scripts > webpack > watchpack > watchpack-chokidar2 >
chokidar > glob-parent
More info https://npmjs.com/advisories/1751
Moderate Regular expression denial of service
Package glob-parent
Patched in >=5.1.2
Dependency of react-scripts
Path react-scripts > webpack-dev-server > chokidar > glob-parent
More info https://npmjs.com/advisories/1751
found 3 moderate severity vulnerabilities in 2195 scanned packages
3 vulnerabilities require manual review. See the full report for details.
The answer here gives a good explanation.
Normally, you would try these solutions, in order:
npm audit fix (it sounds like you have already done this)npm audit fix --forcenpm i react-scripts (the parent package of the package with the vuln)npm i browserslist@4.16.5 glob-parent@5.1.2 (the vuln packages themselves)However, we can see that (at the time I'm writing this) the issue is not resolved in react-dev-utils' package.json. Additionally, the package.json uses an exact version (no caret). These two facts mean that none of these solutions listed above will work.
You have two options:
I would strongly suggest the latter approach.