-
-
Notifications
You must be signed in to change notification settings - Fork 26.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix for known vulnerability in url-loader version #3244
Milestone
Comments
I'll accept a PR for this but there's no rush because it's for untrusted user input (& simply a DoS). |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Is this a bug report?
no
Can you also reproduce the problem with npm 4.x?
Yes
Environment
Irrelevant
Actual Behavior
There is a vulnerability identified by NSP in the version of url-loader currently set as a dependency.
"react-scripts@1.0.14 > url-loader@0.5.9 > mime@1.3.6 "
url-loader has fixed this issue since 0.6.
The text was updated successfully, but these errors were encountered: