truffle-box / react-box

Truffle, Webpack and React boilerplate.
https://truffle-box.github.io/
MIT License
736 stars 251 forks

Vulnerability fix #71

Closed njwest closed 5 years ago

njwest commented 5 years ago

Fixes #70 -- known remote code execution vulnerability in react-dev-utils, a sub-dependency of react-scripts.

Initially just fixed via incrementing react-dev-utils in package-lock, but went another step further and upgraded the react-scripts dependency directly in case a user uses yarn or gets rid of the package-lock.
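Added example, not part of this pull request or of the react-box code: a Node.js check that separates the two fixes described in the comment above, a patched react-dev-utils pinned only in a version 1 `package-lock.json` versus a react-scripts range in `package.json` that still holds once the lockfile is ignored or deleted. The sample manifest, lockfile, version numbers and the `MIN_CHILD`/`MIN_PARENT` thresholds are constructed placeholders, and the function names are hypothetical.

```javascript
// Constructed sample data; the version numbers are placeholders, not real releases.
const MIN_CHILD = '2.0.1';  // placeholder: first patched react-dev-utils
const MIN_PARENT = '3.1.0'; // placeholder: first react-scripts assumed to require it
const samplePkg = { dependencies: { 'react-scripts': '^3.0.0' } };
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'react-scripts': { version: '3.0.0', requires: { 'react-dev-utils': '^2.0.0' } },
    'react-dev-utils': { version: '2.0.1' }, // bumped in the lockfile only
  },
};

// Compare dotted numeric versions ("1.2.3"); returns -1, 0 or 1.
function cmpVersion(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the nested "dependencies" tree of a v1 lockfile and collect every
// resolved copy of `name`, with its node_modules nesting path.
function findResolved(node, name, path = [], out = []) {
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = path.concat(dep);
    if (dep === name) out.push({ path: here.join(' > '), version: info.version });
    findResolved(info, name, here, out);
  }
  return out;
}

// lockfileFixed: every locked copy of `child` is at or above minChild.
// manifestFixed: the floor of the declared `parent` range is at or above minParent,
// so the fix survives a yarn install or a deleted package-lock.json.
function auditFix(pkg, lock, parent, child, minChild, minParent) {
  const copies = findResolved(lock, child);
  const stale = copies.filter((c) => cmpVersion(c.version, minChild) < 0);
  const floor = ((pkg.dependencies || {})[parent] || '').replace(/^[\^~>=\s]+/, '');
  const manifestFixed = floor !== '' && cmpVersion(floor, minParent) >= 0;
  return { lockfileFixed: copies.length > 0 && stale.length === 0, manifestFixed, stale };
}

console.log(auditFix(samplePkg, sampleLock, 'react-scripts', 'react-dev-utils', MIN_CHILD, MIN_PARENT));
```

On the sample data the lockfile check passes while the manifest check fails, which is the state the first half of the comment describes.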

adrianmcli commented 5 years ago

Already fixed, but thanks.

njwest commented 5 years ago

Okay great, wasn't fixed at time of request :P Thanks for the software!

adrianmcli commented 5 years ago

No problem, sorry didn't get to your PR sooner!