This repository was archived by the owner on Jul 19, 2021. It is now read-only.
This repository was archived by the owner on Jul 19, 2021. It is now read-only.
Install the last version of react-dev-utils to fix a vulnerability #128
Description
Hi 😄
We're using this library (thank you very much 🙏 ) but when we run an OWASP (Open Web Application Security Project) scan on it, it detects a vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2020-28477. This vulnerability is in the immer package which is used by [email protected]. The last version of react-dev-utils doesn't use immer anymore. So I was wondering if you could update to [email protected] (currently the highest). I can also try to submit a PR but I don't know how to check that it doesn't break anything.
Thank you for your help.