Create-react-app: Report High severity vulnerability in react-scripts 3.4.3 dependencies

Created on 20 Oct 2020  路  3Comments  路  Source: facebook/create-react-app

After auditing my app a high vulnerability is detected in the package object-path dependency of react-scripts.
I tried to run an audit fix however I still got the issue 1 vulnerability requires manual review. See the full report for details..
I tried to fix it manually but react-scripts is forcing the use of version 0.11.4 and I need to update it to version 0.11.5 to fix the vulnerability.

React version:
npm version: 6.14.8
current version of react-scripts: 3.4.3

image

bug report needs triage
Source
picture mariannekhanfour1
👍22

Most helpful comment

Created this PR to bump the version: https://github.com/facebook/create-react-app/pull/9841

picture johannespfeiffer on 20 Oct 2020
👍8

All 3 comments

react-scripts sets the version of resolve-url-loader to v3.1.1, the dependency has been updated in [email protected] (PR). That is, react-scripts needs to update to bump the version of resolve-url-loader.

florianeckerstorfer picture florianeckerstorfer on 20 Oct 2020
👍6

Created this PR to bump the version: https://github.com/facebook/create-react-app/pull/9841

johannespfeiffer picture johannespfeiffer on 20 Oct 2020
👍8

Let's discuss in https://github.com/facebook/create-react-app/issues/9842 of which this is a duplicate.

gaearon picture gaearon on 20 Oct 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

xgqfrms-GitHub picture xgqfrms-GitHub  路  3Comments
stopachka picture stopachka  路  3Comments
rdamian3 picture rdamian3  路  3Comments
alleroux picture alleroux  路  3Comments
Aranir picture Aranir  路  3Comments