kitze / custom-react-scripts

[DEPRECATED, use customize-cra] Allow custom config for create-react-app without ejecting
https://custom-react-scripts.netlify.com
MIT License

npm audit vulnerabilities #155

Open m1n0s opened 6 years ago

m1n0s commented 6 years ago

Hey! Thanks for the amazing package!

I have a question about the new npm vulnerabilities functionality. The problem is that all 36 vulnerabilities we have are reported from custom-react-scripts (before updating from 0.2.1 to 0.2.2 there were 100+ of them).

found 36 vulnerabilities (15 low, 15 moderate, 6 high) in 22104 scanned packages

Most of them are reported from the hoek dependency, and it seems like many of them are already fixed. Something like that:

  Moderate        Prototype pollution
  Package         hoek
  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3
  Dependency of   custom-react-scripts
  Path            custom-react-scripts > less > request > hawk > sntp > hoek
  More info       https://nodesecurity.io/advisories/566

Are you going to deal with it somehow in the near future?

Thanks!

node -v // 8.11.3
npm -v // 6.4.0
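A way to check which copies of a transitive dependency are still outside an advisory's "Patched in" range, as an added example that is not part of the issue or the project's code. It walks an `npm ls --json`-style tree (the sample tree and its version numbers below are constructed, mirroring the path quoted in the advisory) and uses a small comparator for the operator form npm audit prints, not a full semver implementation.

```javascript
// Added example: find every path in an `npm ls --json`-style tree that ends in
// a package and report the copies whose version falls outside the advisory's
// "Patched in" range. Minimal comparator, no `semver` package, runs offline.
function compareVersions(a, b) {
  const x = a.split('.').map(Number), y = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if ((x[i] || 0) !== (y[i] || 0)) return (x[i] || 0) < (y[i] || 0) ? -1 : 1;
  return 0;
}

// A range holds if any "||" clause holds; a clause holds if all its bounds hold.
function satisfies(version, range) {
  return range.split('||').some(clause =>
    [...clause.matchAll(/(>=|<=|>|<|=)\s*(\d+\.\d+\.\d+)/g)].every(([, op, bound]) => {
      const c = compareVersions(version, bound);
      return { '>': c > 0, '>=': c >= 0, '<': c < 0, '<=': c <= 0, '=': c === 0 }[op];
    }));
}

// Depth-first walk collecting every path to `target` with its installed version.
function findPaths(tree, target, path = [], out = []) {
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, name];
    if (name === target) out.push({ path: here.join(' > '), version: node.version });
    findPaths(node, target, here, out);
  }
  return out;
}

function unpatchedCopies(tree, target, patchedRange) {
  return findPaths(tree, target).filter(p => !satisfies(p.version, patchedRange));
}

const HOEK_PATCHED = '> 4.2.0 < 5.0.0 || >= 5.0.3'; // range quoted in the advisory above

// Constructed sample tree (illustrative versions, not real audit output).
const sampleTree = { dependencies: {
  'custom-react-scripts': { version: '0.2.2', dependencies: {
    less: { version: '2.7.3', dependencies: {
      request: { version: '2.81.0', dependencies: {
        hawk: { version: '3.1.3', dependencies: {
          sntp: { version: '1.0.9', dependencies: { hoek: { version: '2.16.3' } } },
        } },
      } },
    } },
  } },
  hoek: { version: '5.0.4' }, // a second, deduped copy already on a patched release
} };

console.log(unpatchedCopies(sampleTree, 'hoek', HOEK_PATCHED));
```

Run it against real output with `npm ls --json > tree.json` and load that file in place of the sample tree; every path printed is a copy that npm audit will keep flagging.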