facebook / create-react-app

Set up a modern web app by running one command.
https://create-react-app.dev
MIT License

react-scripts 5.0.1 having vulnerable transitive libraries #12851

Open aish110 opened 1 year ago

aish110 commented 1 year ago

We are using the react-scripts 5.0.1 library and are facing some security vulnerabilities in its dependent packages.

1) nth-check v1.0.2 - vulnerable to Inefficient Regular Expression Complexity
2) loader-utils v2.0.2 - A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js
3) minimatch v3.0.4 - A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

These packages, if upgraded to the versions below, will fix the vulnerabilities:

- nth-check v2.0.1
- minimatch v3.0.5

Please upgrade react-scripts with transitive dependencies security patches.
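An added check for this report (example code, not from the issue or the project): it walks a package-lock.json and flags every copy of nth-check or minimatch, nested or hoisted, that resolves below the fixed versions the report names. The sample lockfile is constructed; the version comparison ignores prerelease tags.

```javascript
// Added example: scan an npm lockfile (package-lock.json v2/v3 "packages" map)
// for transitive copies of the packages named in the issue below the fixed version.

// Minimum non-vulnerable versions as stated in the issue.
const MIN_SAFE = { 'nth-check': '2.0.1', minimatch: '3.0.5' };

// Compare dotted numeric versions; returns <0, 0, >0 (prerelease tags ignored).
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Keys are install paths, so nested copies such as
// node_modules/react-scripts/node_modules/nth-check are visited too.
function findVulnerable(lock) {
  const hits = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (!key) continue; // "" is the root project entry
    const name = key.slice(key.lastIndexOf('node_modules/') + 'node_modules/'.length);
    const fixed = MIN_SAFE[name];
    if (fixed && cmpVersion(meta.version, fixed) < 0) {
      hits.push({ path: key, name, version: meta.version, fixed });
    }
  }
  return hits;
}

// Constructed sample lockfile: nested nth-check 1.0.2 under react-scripts and a
// hoisted minimatch 3.0.4 (as in the issue), plus a patched top-level nth-check.
const SAMPLE_LOCK = {
  packages: {
    '': { name: 'app', dependencies: { 'react-scripts': '5.0.1' } },
    'node_modules/react-scripts': { version: '5.0.1' },
    'node_modules/react-scripts/node_modules/nth-check': { version: '1.0.2' },
    'node_modules/nth-check': { version: '2.0.1' },
    'node_modules/minimatch': { version: '3.0.4' },
  },
};
// Run directly: `node scan-lock.js [path/to/package-lock.json]` (sample if omitted).
if (typeof require !== 'undefined' && require.main === module) {
  const file = process.argv[2];
  const lock = file ? JSON.parse(require('fs').readFileSync(file, 'utf8')) : SAMPLE_LOCK;
  for (const h of findVulnerable(lock)) console.log(`${h.path}: ${h.name}@${h.version} < ${h.fixed}`);
}
```

Point it at a real project's package-lock.json to see which install paths still carry the old versions after `npm audit fix` or an override.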

wozzo commented 1 year ago

PR #12172 should resolve all of those, but no work has been done on this repo since September from the looks of it.

mark-wiemer commented 1 year ago

See #11174; this is a non-issue.

ethhandy commented 1 month ago

No update on this yet? I am having the same issue.

Node version: v14.18.3
Npm version: 6.14.15