Skip to content

[Security] Issue with serialize-javascript #8100

New issue
New issue
Closed
#8102
Closed
[Security] Issue with serialize-javascript#8100
#8102
Labels
issue: bug reportneeds triage
@RDIL

Description

@RDIL
RDIL
opened on Dec 6, 2019 · edited by RDIL

Right now, react-scripts relies on terser-webpack-plugin, which in turn relies on serialize-javascript. It will need a bump once released. This is causing GitHub to display security alerts on a lot of react repos. I am working to collaborate a fix downstream at terser-webpack-plugin, just opening this issue for meta.

NOTE: This WILL MOST LIKELY NOT HARM YOUR APP. The library is only used at build time.

Activity

RDIL
added
issue: bug report
needs triage
on Dec 6, 2019
RDIL
mentioned this on Dec 6, 2019
benjie
mentioned this on Dec 7, 2019
bvaughn
mentioned this on Dec 9, 2019
jadeleeuw
mentioned this on Dec 10, 2019
andriijas
closed this as completedin #8102on Dec 11, 2019
weegeekps
mentioned this on Dec 11, 2019
AWIXOR-zz

AWIXOR-zz commented on Dec 14, 2019

@AWIXOR-zz
AWIXOR-zz
on Dec 14, 2019

You can try adding serialize-javascript in the resolutions inside package.json so you can force it to use the last update. then run yarn upgrade. This worked for me.

lock
locked and limited conversation to collaborators on Dec 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    issue: bug reportneeds triage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @RDIL@AWIXOR-zz

      Issue actions
        [Security] Issue with serialize-javascript · Issue #8100 · facebook/create-react-app