Support » Theme: Spacious » Spacious Theme/ Github

  • I just added a wordpress site with the spacious theme to github and I got a lot of security alerts. They are all a version of the following. An issue with the package-lock.json file and the fix is to update various things to a later version. The theme shows as up to date in wordpress. Is this a common issue? Should I be manually updating this stuff in the file? Thanks!

    1 set-value vulnerability found in …/spacious/package-lock.json 9 hours ago
    Remediation
    Upgrade set-value to version 2.0.1 or later. For example:

    “dependencies”: {
    “set-value”: “>=2.0.1”
    }
    or…
    “devDependencies”: {
    “set-value”: “>=2.0.1”
    }

Viewing 4 replies - 1 through 4 (of 4 total)
  • @amandawalton

    Please upgrade the package.json libraries loaded within the theme to it’s latest version and then, do the npm install after that change and see if that helps you resolve the issue?

    Thanks.

    Thanks, Nitu. Do I just download the files from github and copy into my theme folder? And is npm install something I do in the command line? NPM install is totally new to me.

    I was able to resolve the errors by going in manually and making the suggested updates and everything seems to be working…

    Thanks again!

    @amandawalton

    In order to update the theme in your site, you can update the theme directly via your WordPress dashboard. No need to do anything with GitHub since it is for development work and once stable, we will push/release it within WordPress theme directory. Hope this clarifies your issue.

    Thanks.

    Ok, my WordPress dashboard says the theme is up to date, so I don’t think I can update anything that way. I am not getting the errors after making the manual changes, so I will just keep going and hope for the best!

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.