search

dxc-technology / halstack-react

Library of components for building SPAs with React and Halstack Design System
https://developer.dxc.com/halstack/
Apache License 2.0
15 stars 14 forks source link

diaas/assure-platform-react-tools - vulnerability #1751

Closed mjayaraj2 closed 8 months ago

mjayaraj2 commented 9 months ago

Describe the bug Looking over the checkov reports on the UI, assure- platform-react-tools at version 1.5 has a critical vulnerability and the react-scripts that we import to go with it

To Reproduce When I try this npm i @assure/assure-platform-react-tools@latest Getting npm ERR! code E404

Example: npm i @assure/assure-platform-react-tools@latest npm ERR! code E404 npm ERR! 404 Not Found - GET https://registry.npmjs.org/@assure%2fassure-platform-react-tools - Not found npm ERR! 404 npm ERR! 404 '@assure/assure-platform-react-tools@latest' is not in this registry. npm ERR! 404 npm ERR! 404 Note that you can also install from a npm ERR! 404 tarball, folder, http url, or git url.

Expected behaviour There should not be any vulnerabilities in the report SUer shhould be able to use @assure/assure-platform-react-tools

raquelarrojo commented 8 months ago

Hello! Thanks for opening this issue. For issues related to assure-platform-react-tools, please open them on its own repo (https://github.dxc.com/assure/assure-platform-react-tools/issues).

For installing this library you need to run npm i @diaas/assure-platform-react-tools@latest. This will install you the latest one that has not vulnerabilities, since react-scripts has been removed some weeks ago.

Thanks! @mjayaraj2