Open lestephane opened 2 years ago
Hi @lestephane, thanks for submitting the report.
I was aware of these issues, however, it is not that easy to fix. As I'm using craco to set the configuration for CRA, there's currently a limitation in upgrading react-scripts
to v5 (https://github.com/gsoft-inc/craco/issues/378).
Until the team at Craco can fix that I can't upgrade all versions as needed.
We gotta love the JS ecosystem...
If you know a way to upgrade the dependencies, please, feel free to submit a PR and I'll review it.
When considering a starter project for my content script I either landed on:
Because of npm audit problems, I'd rather not touch this project. It's suprising that not touching a project for half a year leads to so many vulnerabilities. Is the npm ecosystem leading to write-once, throw away projects? Anyway, that is besides the point.
BUT, the problem is that it's linked to from a blog post at https://blog.logrocket.com/creating-chrome-extension-react-typescript/, so it's not going anywhere soon. If the project won't be modified anymore, there should a warning to use xyz instead, or a specific fork that is more up to date should be nominated.