项目引用了tar等1214个开源组件，存在15个漏洞，建议升级

漏洞标题：node-tar 路径遍历漏洞漏洞编号：CVE-2021-37713 漏洞描述： node-tar是一款用于文件压缩/解压缩的软件包。 npm node-tar 存在路径遍历漏洞，该漏洞源于4.4.18、5.0.10和6.1.9之前的npm包“tar”(又名node-tar)存在任意文件创建覆盖和任意代码执行漏洞。攻击者可利用该漏洞访问受限目录之外的位置。影响范围：[6.0.0, 6.1.9) 最小修复版本：6.1.9 引入路径： react-hello@0.1.0->copy-webpack-plugin@6.4.1->cacache@15.0.6->tar@6.1.0 react-hello@0.1.0->react-scripts@4.0.3->terser-webpack-plugin@4.2.3->cacache@15.0.6->tar@6.1.0 react-hello@0.1.0->react-scripts@4.0.3->webpack@4.44.2->terser-webpack-plugin@4.2.3->cacache@15.0.6->tar@6.1.0

@abbykimi 谢谢提醒，已经更新了一波依赖版本，谢谢你治好了我的懒癌 😂

还剩了一个暂时处理不了，等待后续 react-scripts 更新后会处理。

➜  react-hello git:(master) npm audit
# npm audit report

nth-check  <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@2.1.3, which is a breaking change
node_modules/svgo/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/svgo/node_modules/css-select
    svgo  1.0.0 - 1.3.2
    Depends on vulnerable versions of css-select
    node_modules/svgo
      @svgr/plugin-svgo  <=5.5.0
      Depends on vulnerable versions of svgo
      node_modules/@svgr/plugin-svgo
        @svgr/webpack  4.0.0 - 5.5.0
        Depends on vulnerable versions of @svgr/plugin-svgo
        node_modules/@svgr/webpack
          react-scripts  >=2.1.4
          Depends on vulnerable versions of @svgr/webpack
          node_modules/react-scripts
            @craco/craco  >=6.0.0
            Depends on vulnerable versions of react-scripts
            node_modules/@craco/craco
              craco-less  >=1.7.0
              Depends on vulnerable versions of @craco/craco
              Depends on vulnerable versions of react-scripts
              node_modules/craco-less

findxc / react-hello

项目引用了tar等1214个开源组件，存在15个漏洞，建议升级 #32