Vulnerabilities

[nataly-chobat]

Could you please update dependencies?
react-app-rewire-scss > node-sass > request > tunnel-agent
react-app-rewire-scss > node-sass > request > hawk > sntp > hoek
react-app-rewire-scss > node-sass > request > hawk > hoek
react-app-rewire-scss > node-sass > request > hawk > cryptiles > boom > hoek
react-app-rewire-scss > node-sass > request > hawk > boom > hoek

The message about these vulnerabilities are really annoying every time when install new package. If it is possible from your side, please, fix it.

All info about vulnerabilities can be seen after running command npm audit.

Also thanks for such great package which helps to reduce a lot of time in development!

[aze3ma]

@nataly-chobat Thank you.

I think it's from node-sass side so they depends on outdated version of [email protected] you can check #2352
#2288
#2262
#2252
#2256
#2170
also you're more than welcome if you want to file a PR.

[nataly-chobat]

thanks for your answer!
You absolutely right, these vulnerabilities are caused by node-sass

Another question: why do you include less loader if it is not devMode?

if (devMode) {
      sassRules = {
				test: sassExtension,
				use: [...cssRules.use, { loader: 'sass-loader', options: sassLoaderOptions }],
			};
		} else {
			sassRules = {
				test: sassExtension,
				use: [...cssRules.loader, { loader: 'less-loader', options: lessLoaderOptions }],
			};
		}

[aze3ma]

@nataly-chobat Sorry it was wrong one SOLVED.