unamednada
commented
2 years ago react-scripts 5.0.1 also has dependency to nth-check 1.0.2
Need nth-check 2.0.1 to close this issue.
Open unamednada opened 2 years ago
unamednada
commented
2 years ago react-scripts 5.0.1 also has dependency to nth-check 1.0.2
Need nth-check 2.0.1 to close this issue.
Issue found by dependabot
nth-check is vulnerable to Inefficient Regular Expression Complexity
UPDATE: Dependabot cannot update nth-check to a non-vulnerable version The latest possible version that can be installed is 1.0.2 because of the following conflicting dependency:
react-scripts@5.0.0 requires nth-check@^1.0.2 via a transitive dependency on css-select@2.1.0 The earliest fixed version is 2.0.1.