[Summer 2021] Update vulnerable dependency in SAPP

MLH-Fellowship / pyre-check

Performant type-checking for python.

https://pyre-check.org/

MIT License

3 stars 1 forks source link

[Summer 2021] Update vulnerable dependency in SAPP #44

Closed r0rshark closed 3 years ago

r0rshark commented 3 years ago

GitHub has detected that a package defined in the sapp/ui/frontend/package-lock.json file of the facebook/sapp repository contains a security vulnerability.

Package name: react-dev-utils Affected versions: >= 0.4.0, < 11.0.4 Fixed in version: 11.0.4 Severity: MODERATE

Identifier(s): GHSA-5q6m-3h65-w53x CVE-2021-24033

We should likely just update this dependency and make sure there are no conflicts and nothing breaks

abishekvashok commented 3 years ago

Currently with sapp there are 14 vulnerabilities. I think we should fix all those (report by npm audit) we can fix!

abishekvashok commented 3 years ago

Closed via https://github.com/facebook/sapp/commit/0dbae133a5e05ab6b6725183b9bfbc6ecc0ee897