Closed
Description
npm audit shows that there are 11 vulnerabilities in SCRIPT-8's packages. Upgrading react-scripts to 1.1.4 fixes most of them: npm install [email protected]
After upgrading, there are only 2:
Critical - macaddress - Command Injection Vulnerability - Node Security advisory link
Moderate - base64url - Out-of-bounds Read Vulnerability - Node Security advisory link
gh-pages requires base64url.
The path for macaddress:
react-scripts > css-loader > cssnano >postcss-filter-plugins > uniqid > macaddress
base64url can also be fixed by upgrading to >= 3.0.0
However, macaddress hasn't got any patch it's vulnerability.
- Fix the vulnerability in
macaddress - Fix the vulnerability in
base64url