You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a Regular Expression Denial of Service vulnerability in the browserslist and glob-parent dependency.
Here is what npm audit security report looks like:
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Moderate Regular Expression Denial of Service
Package browserslist
Patched in >=4.16.5
Dependency of react-scripts
Path react-scripts > react-dev-utils > browserslist
More info https://npmjs.com/advisories/1747
Moderate Regular expression denial of service
Package glob-parent
Patched in >=5.1.2
Dependency of react-scripts
Path react-scripts > webpack > watchpack > watchpack-chokidar2 >
chokidar > glob-parent
More info https://npmjs.com/advisories/1751
Moderate Regular expression denial of service
Package glob-parent
Patched in >=5.1.2
Dependency of react-scripts
Path react-scripts > webpack-dev-server > chokidar > glob-parent
More info https://npmjs.com/advisories/1751
found 3 moderate severity vulnerabilities in 2498 scanned packages
3 vulnerabilities require manual review. See the full report for details.
The vulnerability has been fixed in browserslist version >= 4.16.5 (current version in react-scripts: 4.14.2)
The vulnerability has been fixed in glob-parent version > 5.1.2 (current version in react-scripts: 5.1.2)
Also, could you please let us know the ETAs planned for these vulnerabilities getting fixed in react-scripts version?
The text was updated successfully, but these errors were encountered:
This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs.
There is a Regular Expression Denial of Service vulnerability in the browserslist and glob-parent dependency.
Here is what npm audit security report looks like:
This is the dependency tree:
The vulnerability has been fixed in browserslist version >= 4.16.5 (current version in react-scripts: 4.14.2)
The vulnerability has been fixed in glob-parent version > 5.1.2 (current version in react-scripts: 5.1.2)
Also, could you please let us know the ETAs planned for these vulnerabilities getting fixed in react-scripts version?
The text was updated successfully, but these errors were encountered: