facebook / create-react-app

Set up a modern web app by running one command.
https://create-react-app.dev
MIT License
102.72k stars 26.86k forks

Critical Security Vulnerability in @babel/traverse@7.22.8 #13470

Open AnupSingh97 opened 11 months ago

AnupSingh97 commented 11 months ago

Describe the bug

react-scripts@5.0.1 is using @babel/traverse@7.22.8, which has a critical vulnerability that was reported by Snyk.

Introduced through: react-scripts@5.0.1 › @babel/core@7.22.9 › @babel/traverse@7.22.8
Introduced through: react-scripts@5.0.1 › @babel/core@7.22.9 › @babel/helpers@7.22.6 › @babel/traverse@7.22.8
Introduced through: react-scripts@5.0.1 › jest@27.5.1 › @jest/core@27.5.1 › jest-config@27.5.1 › @jest/test-sequencer@27.5.1 › jest-runtime@27.5.1 › jest-snapshot@27.5.1 › @babel/traverse@7.22.8

The package @babel/traverse@7.22.8 used in react-scripts@5.0.1 has a critical security vulnerability reported by Snyk. This vulnerability is introduced through multiple dependencies, including @babel/core@7.22.9, @babel/helpers@7.22.6, and indirectly through Jest dependencies (jest@27.5.1, @jest/core@27.5.1, jest-config@27.5.1, @jest/test-sequencer@27.5.1, jest-runtime@27.5.1, jest-snapshot@27.5.1).

Vulnerability Details:

Vulnerable Package: @babel/traverse
Vulnerable Version: 7.22.8
Affected Dependencies:
- react-scripts@5.0.1
- @babel/core@7.22.9
- @babel/helpers@7.22.6
- jest@27.5.1
- @jest/core@27.5.1
- jest-config@27.5.1
- @jest/test-sequencer@27.5.1
- jest-runtime@27.5.1
- jest-snapshot@27.5.1

Recommended Fix: Update the @babel/traverse package to the latest non-vulnerable version.
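Because react-scripts pins @babel/traverse transitively, "update the package" in practice means forcing the resolved version from the application's own package.json (npm's `overrides` field, yarn's `resolutions`) and then confirming that no vulnerable copy, hoisted or nested, is left in the lockfile. The Node script below is an added example, not code from create-react-app, Snyk or Babel: it walks a lockfileVersion 2/3 `packages` map, lists every installed copy of the named package with its version and its dependents (the "introduced through" parents), flags the copies below a minimum fixed version, and prints the override entry. `MIN_FIXED` is a placeholder assumption; take the real fixed version from the advisory. The lockfile is constructed inline and trimmed to the paths the issue lists.

```javascript
// Added example (not create-react-app, Snyk or Babel code): audit package-lock.json
// for every installed copy of a transitive dependency and emit the npm "overrides"
// entry that forces it to a fixed release.
// ASSUMPTION: MIN_FIXED is a placeholder; use the fixed version named in the advisory.
const MIN_FIXED = "7.23.0";

// Constructed lockfile (lockfileVersion 3 shape), trimmed to the paths named in the issue.
const SAMPLE_LOCK = {
  name: "my-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "react-scripts": "5.0.1" } },
    "node_modules/react-scripts": { version: "5.0.1", dependencies: { "@babel/core": "^7.16.0", "jest": "^27.4.3" } },
    "node_modules/@babel/core": { version: "7.22.9", dependencies: { "@babel/helpers": "^7.22.6", "@babel/traverse": "^7.22.8" } },
    "node_modules/@babel/helpers": { version: "7.22.6", dependencies: { "@babel/traverse": "^7.22.6" } },
    "node_modules/@babel/traverse": { version: "7.22.8" },
    "node_modules/jest": { version: "27.5.1", dependencies: { "jest-snapshot": "^27.5.1" } },
    "node_modules/jest-snapshot": { version: "27.5.1", dependencies: { "@babel/traverse": "^7.7.2" } },
    // Constructed nested copy: shows that non-hoisted installs are found as well.
    "node_modules/jest-snapshot/node_modules/@babel/traverse": { version: "7.22.5" },
  },
};

// Parse "MAJOR.MINOR.PATCH" (pre-release/build suffixes are ignored for the comparison).
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// -1 if a < b, 0 if equal, 1 if a > b.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Every installed copy of `name`, hoisted or nested, as { path, version }.
function findInstalled(lock, name) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages)
    .filter(([p]) => p === suffix || p.endsWith(`/${suffix}`))
    .map(([p, meta]) => ({ path: p, version: meta.version }));
}

// Copies whose version is below the fixed release.
function vulnerableInstalls(lock, name, minFixed) {
  return findInstalled(lock, name).filter((i) => compareSemver(i.version, minFixed) < 0);
}

// Packages that declare `name` as a dependency: the "introduced through" parents.
function dependents(lock, name) {
  const marker = "node_modules/";
  return Object.entries(lock.packages)
    .filter(([p, meta]) => p !== "" && meta.dependencies && name in meta.dependencies)
    .map(([p]) => p.slice(p.lastIndexOf(marker) + marker.length));
}

// package.json fragment: "overrides" for npm (8.3+), "resolutions" for yarn classic.
function overridesEntry(name, minFixed) {
  const range = `^${minFixed}`;
  return { overrides: { [name]: range }, resolutions: { [name]: range } };
}

const target = "@babel/traverse";
for (const hit of vulnerableInstalls(SAMPLE_LOCK, target, MIN_FIXED)) {
  console.log(`vulnerable: ${hit.path} (${hit.version} < ${MIN_FIXED})`);
}
console.log(`dependents of ${target}: ${dependents(SAMPLE_LOCK, target).join(", ")}`);
console.log(JSON.stringify(overridesEntry(target, MIN_FIXED), null, 2));
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. After adding the override and reinstalling, rerun the check: an override only works if every copy in the lockfile, including nested ones under `jest-snapshot`, has moved to the fixed release.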

kevingio-julo commented 10 months ago

up

jjanczur commented 6 months ago

+1

AlfaroLore commented 2 months ago

up

jjanczur commented 2 months ago

We migrated to Vite and I recommend the same to you. This project is dead and Meta won't upgrade any libraries.