Description
Hi Guys,
Thanks for the awesome tool.
Could you investigate the vulnerabilities that Snyk flagged?
✗ Arbitrary Code Injection [Medium Severity][https://snyk.io/vuln/SNYK-JS-EJS-1049328] in ejs@2.7.4
introduced by react-scripts@4.0.3 > workbox-webpack-plugin@5.1.4 > workbox-build@5.1.4 > @surma/rollup-plugin-off-main-thread@1.4.2 > ejs@2.7.4
This issue was fixed in versions: 3.1.6
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905] in glob-parent@3.1.0
introduced by react-scripts@4.0.3 > webpack@4.44.2 > watchpack@1.7.5 > watchpack-chokidar2@2.0.1 > chokidar@2.1.8 > glob-parent@3.1.0
This issue was fixed in versions: 5.1.2
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY2-1079307] in html-parse-stringify2@2.0.1
introduced by react-i18next@11.8.10 > html-parse-stringify2@2.0.1
No upgrade or patch available
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://snyk.io/vuln/SNYK-JS-ISSVG-1085627] in is-svg@3.0.0
introduced by react-scripts@4.0.3 > optimize-css-assets-webpack-plugin@5.0.4 > cssnano@4.1.10 > cssnano-preset-default@4.0.7 > postcss-svgo@4.0.2 > is-svg@3.0.0
This issue was fixed in versions: 4.2.2
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://snyk.io/vuln/SNYK-JS-SSRI-1085630] in ssri@6.0.1
introduced by react-scripts@4.0.3 > webpack@4.44.2 > terser-webpack-plugin@1.4.5 > cacache@12.0.4 > ssri@6.0.1
This issue was fixed in versions: 8.0.1