How to fix npm package braces issue with react-scripts v2.1.5 when npm audit does nothing?
I ran npm install [email protected]
and then npm update
That still resulted in the 63 vulnerabilities but it did bring my braces to the current version. So I went through and updated ALL references of braces
in the package-lock.json
to 2.3.2
. I then ran npm update
again and when I ran npm audit
the vulnerabilities were gone.
Jest is a test package and will never appear in you production bundle, you can ignore this vulnerability without risks.
This package https://github.com/naugtur/npm-audit-resolver#readme can help you to ignore low vulnerabilities.