Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Package vulnerabilities #14

Closed
2 tasks
shansitads opened this issue Oct 30, 2024 · 3 comments
Closed
2 tasks

Package vulnerabilities #14

shansitads opened this issue Oct 30, 2024 · 3 comments
Assignees
@shansitads @dgzct11

Comments

@shansitads
Copy link
Collaborator

shansitads commented Oct 30, 2024
edited
Loading

  • Check npm package vulnerabilities and warnings for any concerning security issues marked by dependabot
  • Resolve issues by changing versions/replacing the packages
@rgbayrak
Copy link
Contributor

rgbayrak commented Oct 31, 2024
edited
Loading

@shansitads @dgzct11 any update on this?

@shansitads
Copy link
Collaborator Author

shansitads commented Oct 31, 2024
edited
Loading

I was able to get the npm vulnerabilities down to 13 with npm audit fix and down to 8 with npm update, still looking into the remaining ones

@dgzct11
Copy link
Collaborator

dgzct11 commented Nov 5, 2024
edited
Loading

It seems that react-scripts is the cause of all the vulnerabilities. I found this github issue that explains how these aren't 'true' vulnerabilities (facebook/create-react-app#11174), and after moving react-scripts to the devDependencies and running npm auit --omit=dev it says 0 vulnerabilities.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shansitads shansitads

@dgzct11 dgzct11

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rgbayrak @shansitads @dgzct11