Security vulnerability reported by dependabot

timarney / react-app-rewired

Override create-react-app webpack configs without ejecting

MIT License

9.76k stars 425 forks source link

Security vulnerability reported by dependabot #621

Closed dima-vm closed 2 years ago

dima-vm commented 2 years ago

Dependabot warns:

react-app-rewired@2.2.1 requires nth-check@^1.0.2 via a transitive dependency on css-select@2.1.0
The earliest fixed version is 2.0.1.
nth-check is vulnerable to Inefficient Regular Expression Complexity

timarney commented 2 years ago

That dependancy isn't coming from this repo https://github.com/timarney/react-app-rewired/blob/master/package.json#L18