Open BijoyMogorBetsol opened 3 months ago
Edit your package.json in the end add this
"devDependencies": {
"@babel/plugin-proposal-private-property-in-object": "^7.21.11",
"@babel/plugin-transform-private-property-in-object": "^7.24.5"
},
"overrides": {
"react-scripts": {
"@svgr/webpack": "8.1.0",
"typescript": "5.0.2",
"postcss":"8.4.38"
}
}
edit "react-scripts": "^5.0.1",
"dependencies": {
"@testing-library/jest-dom": "^5.17.0",
"@testing-library/react": "^13.4.0",
"@testing-library/user-event": "^13.5.0",
"react": "^18.3.1",
"react-dom": "^18.3.1",
"react-scripts": "^5.0.1",
"styled-components": "^6.1.11",
"web-vitals": "^2.1.4"
},
in your terminal sync your package by
npm install
check for vulnerabilities
npm audit
Hope it help i think npm is like yarn
nth-check 1.0.2 JavaScript (Yarn)
Incorrect Comparison
Description nth-check is vulnerable to Inefficient Regular Expression Complexity Severity: High Tool: Dependency Scanning Scanner: Gemnasium
Links https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0
https://nvd.nist.gov/vuln/detail/CVE-2021-3803
Identifiers CVE-2021-3803
Gemnasium-3284fc8f-f377-4fcf-95dd-270a8b922329
Solution
Upgrade to version 2.0.1 or above.
express 4.18.2 JavaScript (Yarn)
Express.js Open Redirect in malformed URLs
Description
Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode using encodeurl on the contents before passing it to the location header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is res.location() but this is also called from within res.redirect().
Severity: Medium
Identifiers CWE-1035
CWE-937
webpack-dev-middleware 5.3.3 JavaScript (Yarn)
Path traversal in webpack-dev-middleware
Description
The webpack-dev-middleware middleware does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine.
Severity: High
Identifiers CWE-22
CWE-1035
CWE-937
postcss 7.0.39 JavaScript (Yarn)
PostCSS line return parsing error
Description
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
Severity: Medium Identifiers Gemnasium-7a2fe254-d605-4097-a4e3-7eafeb60045e
CVE-2023-44270