Skip to content
This repository was archived by the owner on Jul 19, 2021. It is now read-only.
This repository was archived by the owner on Jul 19, 2021. It is now read-only.

Install the last version of react-dev-utils to fix a vulnerability #128

Open
Open
Install the last version of react-dev-utils to fix a vulnerability#128
@mlegait

Description

@mlegait
mlegait
opened on Feb 25, 2021

Hi 😄

We're using this library (thank you very much 🙏 ) but when we run an OWASP (Open Web Application Security Project) scan on it, it detects a vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2020-28477. This vulnerability is in the immer package which is used by [email protected]. The last version of react-dev-utils doesn't use immer anymore. So I was wondering if you could update to [email protected] (currently the highest). I can also try to submit a PR but I don't know how to check that it doesn't break anything.

Thank you for your help.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions