I cant Fix NPM vulnerabilities

Question

I don't know much about npm and I need to fix this problem:

# npm audit report

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-create-class-features-plugin/node_modules/semver
  @babel/core  *
  Depends on vulnerable versions of @babel/helper-compilation-targets
  Depends on vulnerable versions of semver
  node_modules/@babel/core
    @babel/helper-compilation-targets  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-compilation-targets
    @babel/helper-create-class-features-plugin  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/@babel/helper-create-class-features-plugin
      @babel/plugin-transform-typescript  >=7.21.4-esm
      Depends on vulnerable versions of @babel/helper-create-class-features-plugin
      node_modules/@babel/plugin-transform-typescript
        @babel/preset-typescript  >=7.22.5
        Depends on vulnerable versions of @babel/plugin-transform-typescript
        node_modules/@babel/preset-typescript
    babel-plugin-jsx-dom-expressions  >=0.33.12
    Depends on vulnerable versions of @babel/core
    node_modules/babel-plugin-jsx-dom-expressions
      babel-preset-solid  0.17.0-beta.0 - 0.17.0-beta.3 || >=1.4.6
      Depends on vulnerable versions of @babel/core
      Depends on vulnerable versions of babel-plugin-jsx-dom-expressions
      node_modules/babel-preset-solid
        vite-plugin-solid  *
        Depends on vulnerable versions of @babel/core
        Depends on vulnerable versions of babel-preset-solid
        node_modules/vite-plugin-solid

9 moderate severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

I removed the "node_modules" folder and "package-lock.json" file and then I ran npm install, but it didn't work.

I also tried to run npm audit fix, and I installed an older "semver" version but they didn't work either.

Answer 1

Try add this code in package.json

"overrides": {
    "semver": "~7.5.2"
  }

Answer 2

I am having a similar error. I cannot get rid of it either.

semver <7.5.2 Severity: moderate semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw fix available via npm audit fix --force Will install [email protected], which is a breaking change node_modules/hardhat/node_modules/semver node_modules/solc/node_modules/semver hardhat >=0.1.0-rc.0 Depends on vulnerable versions of semver Depends on vulnerable versions of solc node_modules/hardhat solc >=0.4.7 Depends on vulnerable versions of semver node_modules/solc