kriasoft / react-app

Create React App with server-side code support
https://t.me/reactapp
MIT License
613 stars 84 forks source link

Vulnerabilty in webpack-dev-server dependency of react-app-tools #32

Open repositoryofexcellence opened 5 years ago

repositoryofexcellence commented 5 years ago

Hello can you fix the dependency of the react-app-tools by making it to its new version min. 3.1.6?

=== npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐ │ Manual Review │ │ Some vulnerabilities require your attention to resolve │ │ │ │ Visit https://go.npm.me/audit-guide for additional guidance │ └──────────────────────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Missing Origin Validation │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ webpack-dev-server │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=3.1.6 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ react-app-tools [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ react-app-tools > webpack-dev-server │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/725 │ └───────────────┴──────────────────────────────────────────────────────────────┘