github / codespaces-react

MIT License

Add overrides to package.json to get off of vulnerable version of nth-check #53

Closed cwndrws closed 1 year ago

cwndrws commented 1 year ago

Mitigates a vulnerability in a transitive dependency, nth-check. This overrides two dependencies of react-scripts to ensure we are pulling in newer versions than those that depend on vulnerable versions of nth-check.

If https://github.com/facebook/create-react-app/pull/13323 ever gets merged, we can remove these overrides and just pin the newer version of react-scripts.

cwndrws commented 1 year ago

I'm not entirely sure how to test this change. The app builds and runs just fine and everything seems to be working, but I'm not sure if there's anything else we want to verify, @bdmac @joshaber ?

joshaber commented 1 year ago

> The app builds and runs just fine and everything seems to be working, but I'm not sure if there's anything else we want to verify, @bdmac @joshaber ?

That sounds about right to me 👍
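
One way to check that the overrides took effect, as an added example that is not part of the original thread or the project's code: it lists every copy of nth-check recorded in a parsed package-lock.json, including nested copies, and flags those below a minimum version. The sample lockfile, the `example-parent` package name, the helper names and the `2.0.0` threshold are constructed assumptions.

```javascript
// Constructed sample: a trimmed package-lock.json (lockfileVersion 2/3 layout).
// Package names other than nth-check, and all versions, are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/nth-check": { version: "2.1.1" },
    "node_modules/example-parent": { version: "4.0.0" },
    "node_modules/example-parent/node_modules/nth-check": { version: "1.0.2" },
    "node_modules/not-nth-check": { version: "1.0.0" },
  },
};

// Parse "major.minor.patch" into numbers; pre-release/build suffixes are dropped.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when version a is strictly lower than version b.
function isBelow(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// List every installed copy of `name`, including nested ones that a
// hoisted top-level copy can hide from a quick look at node_modules.
function findCopies(lock, name) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Copies older than minSafe (take the real value from the advisory being fixed).
function vulnerableCopies(lock, name, minSafe) {
  return findCopies(lock, name).filter((c) => isBelow(c.version, minSafe));
}

// "2.0.0" is a placeholder threshold for this constructed sample.
console.log(vulnerableCopies(sampleLock, "nth-check", "2.0.0"));
```

Against a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock`; an empty result means no recorded copy is below the threshold.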