Vulnerability issue of css-what and normalize-url

[shivanibad]

I am having the issues (screenshot attached) of css-what and normalize-url in my project app. Kindly look into it and help me resolve the issue.

[croraf]

Can this be closed in favor of: #11012 ?

[rhalaly]

These vulnerabilities have been around for a long time. Is there any plan to fix them??

[gaearon]

These warnings are false positives. There are no actual vulnerabilities affecting your app here.

To fix npm audit warnings, move react-scripts from dependencies to devDependencies in your package.json.

That will remove the false positive warnings.

I agree with the point in #11102 and will make this change so that new projects don't keep having these false positive warnings.

If you want to discuss this, please comment in #11102.

[gaearon]

Please see #11174.