facebook / create-react-app

Set up a modern web app by running one command.
https://create-react-app.dev
MIT License

Getting these two outdated package patch alerts with react-scripts. #13172

Open aimanmohsin03 opened 1 year ago

aimanmohsin03 commented 1 year ago
Issues with no direct upgrade or patch:
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032] in nth-check@1.0.2
    introduced by react-scripts@5.0.1 > @svgr/webpack@5.5.0 > @svgr/plugin-svgo@5.5.0 > svgo@1.3.2 > css-select@2.1.0 > nth-check@1.0.2
  This issue was fixed in versions: 2.0.1
  ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973] in word-wrap@1.2.3
    introduced by react-scripts@5.0.1 > eslint@8.40.0 > optionator@0.9.1 > word-wrap@1.2.3 and 1 other path(s)
  No upgrade or patch available

There is no current patch available for this; any idea what to do?
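One way to triage a report like this, as an added example that is not part of the issue or of create-react-app: parse the Snyk lines quoted above, emit an npm `overrides` block (package.json, npm 8.3+) only for findings that list a fixed version, and flag the rest for a risk review (here, word-wrap, which the report marks as having no fix). The sample input is constructed from the two findings in the post; pinning nth-check across a major version is an assumption that has to be confirmed by a build and test run, and both paths go through build-time tooling (@svgr/webpack, eslint) rather than shipped browser code.

```python
import json
import re

# Constructed sample: the two Snyk findings quoted in the issue above.
SNYK_OUTPUT = """\
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032] in nth-check@1.0.2
    introduced by react-scripts@5.0.1 > @svgr/webpack@5.5.0 > @svgr/plugin-svgo@5.5.0 > svgo@1.3.2 > css-select@2.1.0 > nth-check@1.0.2
  This issue was fixed in versions: 2.0.1
  ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WORDWRAP-3149973] in word-wrap@1.2.3
    introduced by react-scripts@5.0.1 > eslint@8.40.0 > optionator@0.9.1 > word-wrap@1.2.3 and 1 other path(s)
  No upgrade or patch available
"""

# One finding header: title, severity, advisory URL, affected package@version.
FINDING_RE = re.compile(
    r"✗ (?P<title>.+?) \[(?P<severity>\w+) Severity\]\[(?P<url>[^\]]+)\]"
    r" in (?P<pkg>@?[^@\s]+)@(?P<version>\S+)")
# Dependency chain; the trailing "and N other path(s)" is dropped.
PATH_RE = re.compile(r"introduced by (?P<path>.+?)(?: and \d+ other path\(s\))?$")
FIX_RE = re.compile(r"fixed in versions?: (?P<versions>.+)$")

def parse_snyk(text):
    """Turn Snyk's text report into a list of findings with path and fix info."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FINDING_RE.search(line)
        if m:
            findings.append({**m.groupdict(), "path": [], "fixed_in": []})
            continue
        if not findings:          # stray text before the first finding
            continue
        cur = findings[-1]
        m = PATH_RE.match(line)
        if m:
            cur["path"] = m.group("path").split(" > ")
            continue
        m = FIX_RE.search(line)
        if m:
            cur["fixed_in"] = [v.strip() for v in m.group("versions").split(",")]
    return findings

def overrides_for(findings):
    """Build an npm `overrides` block pinning each fixable transitive package to
    its first fixed version. Findings without a fixed version are returned
    separately so they get a risk review instead of a silent pin. A pin that
    crosses a major version (nth-check 1.x -> 2.x) may break the dependant
    (css-select here), so always rebuild and test after applying it."""
    overrides, unfixed = {}, []
    for f in findings:
        if f["fixed_in"]:
            overrides[f["pkg"]] = f["fixed_in"][0]
        else:
            unfixed.append(f"{f['pkg']}@{f['version']}")
    return {"overrides": overrides}, unfixed

if __name__ == "__main__":
    block, unfixed = overrides_for(parse_snyk(SNYK_OUTPUT))
    print(json.dumps(block, indent=2))
    print("needs risk review (no fixed version listed):", unfixed)
```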

AlonNavon commented 1 year ago

Hey @aimanmohsin03,

We're part of a startup called Seal Security that mitigates software vulnerabilities in older open source versions by backporting/creating standalone security patches - enabling more straightforward remediation in cases like this. We created an nth-check 1.02-sp1 that's vulnerability-free. As with all of our patches, it's open-source and available for free.

If relevant, check out our GitHub repo if you wish to learn more, or start using our app.

Please feel free to reach us at info@seal.security if you have any requests/questions.