Hey!
Thanks for the amazing package!
I have a question about the new npm vulnerabilities functionality.
The problem is that we have all 36 vulnerabilities fired from custom-react-scripts (before updating from 0.2.1 to 0.2.2 there were 100+ of them).
found 36 vulnerabilities (15 low, 15 moderate, 6 high) in 22104 scanned packages
Most of them are fired from the hoek dependency, and it seems like many of them are already fixed. Something like this:
```
Moderate        Prototype pollution
Package         hoek
Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3
Dependency of   custom-react-scripts
Path            custom-react-scripts > less > request > hawk > sntp > hoek
More info       https://nodesecurity.io/advisories/566
```
Are you going to deal with it somehow in the near future?
Thanks!
node -v // 8.11.3
npm -v // 6.4.0
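The triage the question above implies, as an added example that is not part of the original issue or of custom-react-scripts: group the findings in npm 6 `npm audit --json` output by the top-level dependency that pulls them in, to see which ones depend on an upstream release. The sample data, the second hoek path, the placeholder advisory and the `groupByRoot` helper are constructed for illustration.

```javascript
// Added example. SAMPLE_AUDIT is constructed in the npm 6 `npm audit --json`
// shape; only the first hoek path and the advisory 566 fields come from the issue.
const SAMPLE_AUDIT = {
  advisories: {
    "566": {
      module_name: "hoek", severity: "moderate", title: "Prototype pollution",
      patched_versions: "> 4.2.0 < 5.0.0 || >= 5.0.3",
      findings: [{
        version: "0.0.0-constructed",
        paths: [
          "custom-react-scripts>less>request>hawk>sntp>hoek",
          "custom-react-scripts>less>request>hawk>hoek", // constructed
        ],
      }],
    },
    "PLACEHOLDER-1": { // constructed advisory on a direct dependency
      module_name: "example-direct-dep", severity: "low", title: "Constructed",
      patched_versions: ">= 1.0.1",
      findings: [{ version: "1.0.0", paths: ["example-direct-dep"] }],
    },
  },
};

// Group every vulnerable path by the top-level dependency that pulls it in.
function groupByRoot(audit) {
  const roots = {};
  for (const adv of Object.values(audit.advisories || {})) {
    for (const finding of adv.findings || []) {
      for (const path of finding.paths || []) {
        const chain = path.split(">").map((s) => s.trim());
        const entry = roots[chain[0]] ||
          (roots[chain[0]] = { direct: 0, transitive: 0, bySeverity: {}, fixes: {} });
        // A one-element chain is your own dependency; longer chains are fixed
        // only when a package along the chain updates its dependency.
        if (chain.length === 1) entry.direct += 1; else entry.transitive += 1;
        entry.bySeverity[adv.severity] = (entry.bySeverity[adv.severity] || 0) + 1;
        entry.fixes[adv.module_name] = adv.patched_versions;
      }
    }
  }
  return roots;
}

console.log(JSON.stringify(groupByRoot(SAMPLE_AUDIT), null, 2));
```

To run it on a real project, replace `SAMPLE_AUDIT` with the parsed output of `npm audit --json`.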