Skip to content

Insecure version of immer package is used in react-dev-utils #10579

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kckst8 opened this issue Feb 19, 2021 · 1 comment
Closed

Insecure version of immer package is used in react-dev-utils #10579

kckst8 opened this issue Feb 19, 2021 · 1 comment
Labels
issue: bug report needs triage

Comments

@kckst8
Copy link

kckst8 commented Feb 19, 2021
edited
Loading

A High risk vulnerability was reported in the immer package: GHSA-9qmh-276g-x5pj
It was fixed in >=8.0.1....currently react-dev-utils depends on 7.x, which causes all consumers of CRA, etc. to fail npm audit
@kckst8
Copy link
Author

kckst8 commented Feb 19, 2021

duplicate

@kckst8 kckst8 closed this as completed Feb 19, 2021
@snyk-bot snyk-bot mentioned this issue Mar 30, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
issue: bug report needs triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kckst8