facebook
fix: resolve security vulnerabilities in react-scripts
- Update @svgr/webpack from 5.5.0 to 8.1.0 (fixes nth-check vulnerability)
- Update postcss from 8.4.4 to 8.5.6 (fixes CVE-2024-36222)
- Update webpack-dev-server from 4.6.0 to 5.2.2 (fixes source code theft vulnerabilities)
- Update @pmmmwh/react-refresh-webpack-plugin from 0.5.3 to 0.6.1
- Update resolve-url-loader from 4.0.0 to 5.0.0
- Update css-minimizer-webpack-plugin from 3.2.0 to 7.0.0
Resolves #17138 - reduces vulnerabilities from 40 to 25 (37.5% reduction) All specific vulnerabilities mentioned in the issue are now resolved.
Hi @Amanlabh!
Thank you for your pull request and welcome to our community.
Action Required
In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.
Process
In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.
Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.
If you have received this in error or have any questions, please contact us at [email protected]. Thanks!
![meta-cla[bot] avatar](https://avatars.githubusercontent.com/in/1425812?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks!