I got an email telling me there was a vulnerability.
We found a potential security vulnerability in one of your dependencies.
Only the owner of this repository can see this message.
Manage your notification settings or learn more about vulnerability alerts.
In short: there is a vulnerability.
package.json
1 bootstrap vulnerability found in package-lock.json 2 hours ago
Remediation
Upgrade bootstrap to version 4.3.1 or later. For example:
"dependencies": {
"bootstrap": ">=4.3.1"
}
or…
"devDependencies": {
"bootstrap": ">=4.3.1"
}
Always verify the validity and compatibility of suggestions with your codebase.
I was shown an example of how to fix it.
Fixing it.
Fix package.json.
"devDependencies": {
"axios": "^0.18",
- "bootstrap": "^4.0.0",
+ "bootstrap": "^4.3.1",
"cross-env": "^5.1",
"jquery": "^3.2",
"laravel-mix": "^4.0.7",
@@ -23,4 +23,4 @@
"vue": "^2.5.17",
"vue-template-compiler": "^2.5.21"
}
}
$ composer update
Composer has install, update, and upgrade.
I always refer to this article, but I forget it right away.
The difference between composer install and composer update
https://qiita.com/YusukeHigaki/items/47dd3ec23544225f7301
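An added example, not from the original post or from GitHub: because the alert was raised against package-lock.json, this JavaScript lists every copy of bootstrap in a parsed lockfile that still resolves below 4.3.1. The function names and the two sample lockfile objects are assumptions constructed for illustration.

```javascript
// Parse "major.minor.patch"; pre-release/build suffixes are ignored here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// true when version a >= version b (numeric compare, so 4.10.0 > 4.3.1)
function gte(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] > y[i];
  }
  return true;
}

// Collect every resolved copy of `name` from a parsed package-lock.json.
// lockfileVersion 2/3: flat "packages" map keyed by install path.
// lockfileVersion 1: nested "dependencies" tree.
function resolvedVersions(lock, name) {
  const found = [];
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      const hit = path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`);
      if (hit && info.version) found.push({ path, version: info.version });
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [dep, info] of Object.entries(deps || {})) {
      const path = `${prefix}${dep}`;
      if (dep === name) found.push({ path, version: info.version });
      walk(info.dependencies, `${path} > `);
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Entries still below the fixed version named in the alert.
function vulnerableCopies(lock, name, fixed) {
  return resolvedVersions(lock, name).filter((e) => !gte(e.version, fixed));
}

// Constructed sample lockfiles (not taken from the post's repository).
const before = { lockfileVersion: 1, dependencies: { bootstrap: { version: '4.1.3' } } };
const after = { lockfileVersion: 1, dependencies: { bootstrap: { version: '4.3.1' } } };
console.log(vulnerableCopies(before, 'bootstrap', '4.3.1'));
console.log(vulnerableCopies(after, 'bootstrap', '4.3.1'));
```

To check a real project, pass the result of `JSON.parse` on the contents of package-lock.json as `lock`.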