Webpack NPM Install Leads to 17 High Severity Vulnerabilities, Fixing Is a Breaking Change


Topic: Webpack NPM Install Leads to 17 High Severity Vulnerabilities, Fixing Is a Breaking Change

ansley257 premium asked 4 days ago

Expected behavior Downloading the mdb-webpack-starter and running npm install seamlessly downloads without vulnerabilities and depreciation warnings.

Actual behavior 19 Depreciation warnings, 1 moderate vulnerability, 17 high vulnerabilities. Npm audit fix resolves none, all require breaking changes. Upon npm audit fix --force, the entire program throws a dependency hell error that looks like it stems from v11.0.0 of copy-webpack-plugin and v4.46.0 of webpack. I've tried updating webpack to the version required by copy-webpack-plugin@11.0.0, but that's a breaking change for other dependencies.

I'm hoping someone has had experience with getting the correct version set up for the dependent packages and can help me figure out where I should be updating/rolling back packages.

Resources (screenshots, code snippets etc.) Dependency errors


Unfortunately copy-webpack-plugin version 11.0.0 requires webpack 5. Our webpack starter uses webpack 4. Changing the webpack version would require a configuration update. At the moment we do not plan to change the webpack version.


Please insert min. 20 characters.

FREE CONSULTATION

Hire our experts to build a dedicated project. We'll analyze your business requirements, for free.

Status

Answered

Specification of the issue
  • User: Premium
  • Premium support: Yes
  • Technology: MDB Standard
  • MDB Version: MDB5 4.4.0
  • Device: Macbook pro (M1)
  • Browser: Chrome
  • OS: Monterey
  • Provided sample code: No
  • Provided link: No