Open GowthamiAmp opened 1 year ago
Seems the react-scripts team does not care about vulnerabilities there are more of them which are vulnerable, for example loader-utils as well which should be already updated to 3.x... it is (just today) 9 months since the last version release! No single minor version released, no info, nothing...
I have a suspicion the project is no longer being maintained: https://news.ycombinator.com/item?id=34421816
react-scripts dependency package used nth-check@1.0.2 which is having high Vulnerability. But nth-check upgraded version has no vulnerability. So please check the possibility to fix this vulnerability.
Path: react-scripts@5.0.1 › @svgr/webpack@5.5.0 › @svgr/plugin-svgo@5.5.0 › svgo@1.3.2 › css-select@2.1.0 › nth-check@1.0.2