-
-
Notifications
You must be signed in to change notification settings - Fork 26.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Vulnerabilities in the underlying packages to be updated #9447
Comments
this will be fixed in the next release. To test it out https://gist.github.com/iansu/282dbe3d722bd7231fa3224c0f403fa1 |
Thank you for the quick response, can you tell me when is the next release? Or share your release plans? |
Note that you have to regenerate the version of |
Hi, for one of our projects after upgrading react-scripts to the latest version (reacts-scripts@3.4.3), the Veracode static code analysis tool points out that few libraries are vulnerable to uninitialized buffer allocation attacks, prototype pollution,These libraries are given below ajv@6.11.0 is vulnerable to prototype pollution. By upgrading this to a version >=6.12.4 this issue can be resolved Is there any plan to upgrade these packages to improve the security? If yes, could you please update by when these changes could be implemented. Any quick help/support you could provide on this would be much appreciated. |
This is already resolved. |
In my recent project, I've encountered a flaw highlighted by Veracode static code analysis tool that the underlying libraries in react-scripts are susceptible to various vulnerabilities such as ReDoS, Prototype Pollution, etc. The dependency libraries are serialise-javascript, ajv, sockjs all seeking some recent versions.
serialize-javascript@3.1.0 or above
ajv@6.12.3
sockjs@0.3.20 or above
I propose to update these dependencies for an improved security and reliability.
Also, please update when you are planning to do these changes, if you consider updating them.
This would also help us with our application too and an immediate remediation or help would be much appreciated. Thank you.
The text was updated successfully, but these errors were encountered: