Install the last version of react-dev-utils to fix a vulnerability

Open mlegait opened this issue 4 years ago • 2 comments

Hi 😄

We're using this library (thank you very much 🙏 ) but when we run an OWASP (Open Web Application Security Project) scan on it, it detects a vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2020-28477. This vulnerability is in the immer package which is used by [email protected]. The last version of react-dev-utils doesn't use immer anymore. So I was wondering if you could update to [email protected] (currently the highest). I can also try to submit a PR but I don't know how to check that it doesn't break anything.

Thank you for your help.

mlegait, Feb 25 '21 16:02

This is needed for our project as well

GintV, Mar 08 '21 19:03

#130 has been opened

GintV, Mar 30 '21 15:03