Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
browserlist Security Vulnerability
See original GitHub issueYour dependency on browserslist v4.14.2 is vulnerable and needs to be updated here: react-dev-utils/package.json#L57.
Issue Analytics
- State:
- Created 2 years ago
- Reactions:18
- Comments:6 (2 by maintainers)
Top Results From Across the Web
browserslist@4.14.2 - Snyk Vulnerability Database
Learn more about known browserslist 4.14.2 vulnerabilities and licenses detected. ... Snyk scans for vulnerabilities and provides fixes for free.
Read more >browserslist Security Vulnerability · Issue #15173 - GitHub
Describe the bug. NPM Advisory 1747. I know this isn't really a bug, but Storybook has several dependencies on react-dev-utils , which is...
Read more >CVE-2021-23364 Detail - NVD
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of ...
Read more >node.js - react-dev-utils latest version installs a vulnerable ...
react-dev-utils@11.0.4 installing a vulnerable version of browserlist , browserslist@4.14.2 , although we have updated package on github.
Read more >browserslist Vulnerabilities
This feed has no vulnerability sources configured. Vulnerability scanning enables third-party services to scan packages on selected feeds for known security ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Not sure if I can mention this here, but there’s also a vulnerability issue I’m getting in a project, which is with
postcssdependency inreact-scriptsand Github Dependabot is telling me to upgrade to v8.2.10 or laterUPDATE After a few days, today, I got another alert now with another dependency:
normalize-urland it won’t let me update to a non-vulnerable version due to conflicting dependencies withreact-scripts. Screenshot attached below.Can this be closed in favor of: https://github.com/facebook/create-react-app/issues/11012 ?