react-scripts has dependency with vulnerabilities #10733

rvyh · 2021-03-23T12:23:13Z

rvyh
Mar 23, 2021

Down the line of hierarchy there is a dependency with vulnerabilities, according to the code inspection tool we use at work:

"react-scripts" "4.0.3" has “webpack" "4.44.2" has "terser-webpack-plugin" "1.4.5" has “cacache" "12.0.4" has ssri 6.0.1

ssri 6.0.1 has vulnerabilities. Safe version is 8.0.1

The latest version of webpack within 4 is 4.46.0, but it also installs ssri 6.0.1.

How to solve this issue?

*** edit ***

I see an open issue here #10699 but I'll keep this post open in case someone knows how to solve this issue, ejecting from create-react-app or something.

gregorymey-dev · 2021-03-24T08:52:32Z

gregorymey-dev
Mar 24, 2021

Down the line of hierarchy there is a dependency with vulnerabilities, according to the code inspection tool we use at work:

"react-scripts" "4.0.3" has “webpack" "4.44.2" has "terser-webpack-plugin" "1.4.5" has “cacache" "12.0.4" has ssri 6.0.1

ssri 6.0.1 has vulnerabilities. Safe version is 8.0.1

The latest version of webpack within 4 is 4.46.0, but it also installs ssri 6.0.1.

How to solve this issue?

*** edit ***

I see an open issue here #10699 but I'll keep this post open in case someone knows how to solve this issue, ejecting from create-react-app or something.

And #10698 - This is a more detailed security issue logged.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

react-scripts has dependency with vulnerabilities #10733

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

react-scripts has dependency with vulnerabilities #10733

Uh oh!

Uh oh!

rvyh Mar 23, 2021

Replies: 1 comment

Uh oh!

gregorymey-dev Mar 24, 2021

rvyh
Mar 23, 2021

gregorymey-dev
Mar 24, 2021