Skip to content
This repository has been archived by the owner on Jul 19, 2021. It is now read-only.

Install the last version of react-dev-utils to fix a vulnerability #128

Open
mlegait opened this issue Feb 25, 2021 · 2 comments
Open

Install the last version of react-dev-utils to fix a vulnerability #128

mlegait opened this issue Feb 25, 2021 · 2 comments

Comments

@mlegait
Copy link

mlegait commented Feb 25, 2021

Hi 😄

We're using this library (thank you very much 🙏 ) but when we run an OWASP (Open Web Application Security Project) scan on it, it detects a vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2020-28477. This vulnerability is in the immer package which is used by [email protected]. The last version of react-dev-utils doesn't use immer anymore. So I was wondering if you could update to [email protected] (currently the highest). I can also try to submit a PR but I don't know how to check that it doesn't break anything.

Thank you for your help.
@GintV
Copy link

GintV commented Mar 8, 2021

This is needed for our project as well

@GintV
Copy link

GintV commented Mar 30, 2021

#130 has been opened

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@GintV @mlegait