Security Vulnerabilities in the underlying packages to be updated #9447
Comments
|
this will be fixed in the next release. To test it out https://gist.github.com/iansu/282dbe3d722bd7231fa3224c0f403fa1 |
|
Thank you for the quick response, can you tell me when is the next release? Or share your release plans? |
|
Note that you have to regenerate the version of |
|
Hi, for one of our projects after upgrading react-scripts to the latest version ([email protected]), the Veracode static code analysis tool points out that few libraries are vulnerable to uninitialized buffer allocation attacks, prototype pollution,These libraries are given below [email protected] is vulnerable to prototype pollution. By upgrading this to a version >=6.12.4 this issue can be resolved Is there any plan to upgrade these packages to improve the security? If yes, could you please update by when these changes could be implemented. Any quick help/support you could provide on this would be much appreciated. |
|
This is already resolved. |
In my recent project, I've encountered a flaw highlighted by Veracode static code analysis tool that the underlying libraries in react-scripts are susceptible to various vulnerabilities such as ReDoS, Prototype Pollution, etc. The dependency libraries are serialise-javascript, ajv, sockjs all seeking some recent versions.
[email protected] or above
[email protected]
[email protected] or above
I propose to update these dependencies for an improved security and reliability.
Also, please update when you are planning to do these changes, if you consider updating them.
This would also help us with our application too and an immediate remediation or help would be much appreciated. Thank you.
The text was updated successfully, but these errors were encountered: