Open parmpreetnanrhe opened 1 year ago
See issue #11174, it is OK to ignore this warning.
@wfjake Hmm, is there a way to fix this instead of just ignoring it? Because this will get detected on my CSEC scan.
Try running
npm i @svgr/webpack --save-dev
Might help you :)
@dave9123 Still the same, good sir
Can I see which package? npm audit report
Hi @dave9123, here's the npm audit report
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via npm audit fix --force
Will install react-scripts@2.1.3, which is a breaking change
node_modules/react-scripts/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/react-scripts/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/react-scripts/node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/react-scripts/node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/react-scripts/node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
node_modules/react-scripts
If the devs truly abandoned this project (based on this discussion here), I might try to migrate to another framework like Vite, Next, or Svelte.
I forgot that you need to modify your nth-check version,
"overrides": { "nth-check": "2.0.1" },
Should be something like this
Here's me being confused, again
I am getting a message in my terminal that the package contains 6 high severity vulnerabilities. Is it safe to go with this package these days?
I am new to this type of project. I am unable to understand all the things mentioned about this topic on the internet. Can anyone help me understand: is it really a problem which can lead to data loss or backend tracking?
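Added example (not code from this thread or from the react-scripts project): a small Node.js script that walks a report shaped like `npm audit --json` output and shows that the six findings listed in the thread all trace back to one advisory in nth-check. The report object is constructed from the package names and ranges posted above, and the function names are hypothetical.

```javascript
// Constructed sample modelled on the `npm audit --json` layout (npm 7+),
// filled with the package names and ranges from the report in this thread.
const auditReport = { vulnerabilities: {
  "nth-check": { range: "<2.0.1", effects: ["css-select"], via: [{
    title: "Inefficient Regular Expression Complexity in nth-check",
    url: "https://github.com/advisories/GHSA-rp65-9cf3-cjxr" }] },
  "css-select": { range: "<=3.1.0", via: ["nth-check"], effects: ["svgo"] },
  "svgo": { range: "1.0.0 - 1.3.2", via: ["css-select"], effects: ["@svgr/plugin-svgo"] },
  "@svgr/plugin-svgo": { range: "<=5.5.0", via: ["svgo"], effects: ["@svgr/webpack"] },
  "@svgr/webpack": { range: "4.0.0 - 5.5.0", via: ["@svgr/plugin-svgo"], effects: ["react-scripts"] },
  "react-scripts": { range: ">=2.1.4", via: ["@svgr/webpack"], effects: [] },
} };

// Hypothetical helper: follow string `via` links (package names) until an
// advisory object is reached; `seen` guards against cycles.
function rootAdvisories(report, name, seen = new Set()) {
  const entry = report.vulnerabilities[name];
  if (!entry || seen.has(name)) return [];
  seen.add(name);
  return entry.via.flatMap((via) =>
    typeof via === "string"
      ? rootAdvisories(report, via, seen)
      : [{ package: name, range: entry.range, url: via.url, title: via.title }]);
}

// Hypothetical helper: group every flagged package under the advisory it traces to.
function groupByAdvisory(report) {
  const groups = new Map();
  for (const name of Object.keys(report.vulnerabilities)) {
    for (const adv of rootAdvisories(report, name)) {
      if (!groups.has(adv.url)) groups.set(adv.url, { ...adv, flagged: [] });
      groups.get(adv.url).flagged.push(name);
    }
  }
  return [...groups.values()];
}

// Hypothetical helper: walk `effects` upward from the root package. Only the
// first entry is followed, which is enough for a linear chain like this one.
function chainFrom(report, name) {
  const chain = [name];
  for (let next = report.vulnerabilities[name]?.effects[0];
       next && !chain.includes(next);
       next = report.vulnerabilities[next]?.effects[0]) chain.push(next);
  return chain;
}

for (const g of groupByAdvisory(auditReport)) {
  console.log(`${g.flagged.length} findings -> ${g.package} ${g.range} (${g.url})`);
  console.log(chainFrom(auditReport, g.package).join(" <- "));
}
```

The single root range it reports, `<2.0.1`, is the range that the `overrides` entry quoted in the thread moves nth-check out of by pinning 2.0.1.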