Immer vulnerability with react-scripts #136

Open
chapmanio opened this issue Feb 22, 2021 · 0 comments
@chapmanio
Collaborator

Running yarn audit on the client folder is giving the following error preventing deployment:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ immer                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=8.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-scripts                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ react-scripts > react-dev-utils > immer                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1603                        │
└───────────────┴──────────────────────────────────────────────────────────────┘

This isn't an issue as per facebook/create-react-app#10411 (comment) but will need to be resolved to prevent yarn audit errors.

An official fix will be available in a few days; temporarily, we will use a yarn resolution for this package to prevent the error.

@chapmanio chapmanio added the dependencies Pull requests that update a dependency file label Feb 22, 2021
@chapmanio chapmanio self-assigned this Feb 22, 2021
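
One way to confirm that the temporary yarn resolution mentioned above actually moved immer into the patched range, as an added example that is not part of the original issue or the project's code. It assumes a yarn v1 lockfile; the lockfile excerpts and every version number other than the 8.0.1 floor are constructed.

```javascript
// Added example (not from the issue): list resolved versions of a package in a
// yarn.lock (v1 format) that are still below a patched floor.

// "x.y.z" -> [x, y, z]; pre-release/build suffixes are ignored (simplification).
function parseVersion(v) {
  return v.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
}

function gte(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d > 0;
  }
  return true;
}

// Every version the lockfile resolves `pkg` to, one per matching entry.
function resolvedVersions(lockText, pkg) {
  const found = [];
  let inEntry = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#]/.test(line)) {
      // Entry header: comma-separated "name@range" specifiers ending in ":".
      const specs = line.replace(/:$/, '').split(',')
        .map((s) => s.trim().replace(/^"|"$/g, ''));
      inEntry = specs.some((s) => s.slice(0, s.lastIndexOf('@')) === pkg);
    } else if (inEntry) {
      const m = line.match(/^\s+version\s+"([^"]+)"/);
      if (m) { found.push(m[1]); inEntry = false; }
    }
  }
  return found;
}

function unpatched(lockText, pkg, floor) {
  return resolvedVersions(lockText, pkg).filter((v) => !gte(v, floor));
}

// Constructed lockfile excerpts: before and after pinning immer via a resolution.
const BEFORE = '# yarn lockfile v1\n\nimmer@7.0.9:\n  version "7.0.9"\n\n' +
  'react-dev-utils@^11.0.2:\n  version "11.0.2"\n  dependencies:\n    immer "7.0.9"\n';
const AFTER = BEFORE.replace('  version "7.0.9"', '  version "8.0.1"');

console.log('before:', unpatched(BEFORE, 'immer', '8.0.1'));
console.log('after: ', unpatched(AFTER, 'immer', '8.0.1'));
```

An empty result for the real `yarn.lock` means no entry for the package resolves below the floor, which is the condition the audit row's "Patched in" field describes.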