Hi, I setup a new project using expo v5.4.3 and node v16.15.0 but I am getting error with some of expo’s dependency. Is there a way to resolve below error without a breaking change.
npm audit report
node-fetch <=2.6.6
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor · CVE-2022-0235 · GitHub Advisory Database · GitHub
The size
option isn’t honored after following a redirect in node-fetch - The `size` option isn't honored after following a redirect in node-fetch · CVE-2020-15168 · GitHub Advisory Database · GitHub
fix available via npm audit fix --force
Will install expo@1.0.0, which is a breaking change
node_modules/node-fetch
isomorphic-fetch 2.0.0 - 2.2.1
Depends on vulnerable versions of node-fetch
node_modules/isomorphic-fetch
fbjs 0.7.0 - 1.0.0
Depends on vulnerable versions of isomorphic-fetch
node_modules/fbjs
fbemitter 2.0.3 - 3.0.0-alpha.1
Depends on vulnerable versions of fbjs
node_modules/fbemitter
expo 14.0.0 - 44.0.6
Depends on vulnerable versions of fbemitter
node_modules/expo
5 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force