Topic: Webpack NPM Install Leads to 17 High Severity Vulnerabilities, Fixing Is a Breaking Change
ansley257 premium asked 2 years ago
Expected behavior Downloading the mdb-webpack-starter and running npm install seamlessly downloads without vulnerabilities and depreciation warnings.
Actual behavior 19 Depreciation warnings, 1 moderate vulnerability, 17 high vulnerabilities. Npm audit fix resolves none, all require breaking changes. Upon npm audit fix --force, the entire program throws a dependency hell error that looks like it stems from v11.0.0 of copy-webpack-plugin and v4.46.0 of webpack. I've tried updating webpack to the version required by copy-webpack-plugin@11.0.0, but that's a breaking change for other dependencies.
I'm hoping someone has had experience with getting the correct version set up for the dependent packages and can help me figure out where I should be updating/rolling back packages.
Resources (screenshots, code snippets etc.)
Grzegorz Bujański staff answered 2 years ago
Unfortunately copy-webpack-plugin version 11.0.0 requires webpack 5. Our webpack starter uses webpack 4. Changing the webpack version would require a configuration update. At the moment we do not plan to change the webpack version.
FREE CONSULTATION
Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.
Answered
- ForumUser: Premium
- Premium support: Yes
- Technology: MDB Standard
- MDB Version: MDB5 4.4.0
- Device: Macbook pro (M1)
- Browser: Chrome
- OS: Monterey
- Provided sample code: No
- Provided link: No