Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Child library nth-check is vulnerable to CVE-2021-3803 even with the latest react-scripts@5.0.1
See original GitHub issueThere is a dependent library nth-check in react-scripts which is vulnerable to CVE-2021-3803. The mend scan is reporting this vulnerability for our project.
– react-scripts@5.0.1
±- @svgr/webpack@5.5.0
| -- @svgr/plugin-svgo@5.5.0 | – svgo@1.3.2
| -- css-select@2.1.0 | – nth-check@1.0.2
nth-check beyond v2.0.1(including) is available and safe from this vulnerability.
To fix this we have upgraded to the latest version for react-scripts (as shown above) still this dependency is not upgraded. Can you please take some action and upgrade this transitive dependency inside the parent library react-scripts at the earliest possible.
Issue Analytics
- State:
- Created a year ago
- Reactions:15
- Comments:7
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Vulnerable react-scripts 5.0.1 makes our product vulnerable. Please upgrade the react-scripts 5.0.1 at the earliest possible with transitive dependencies security patches. It should have the updated transitive dependency for nth-check by upgrading nth-check/1.0.2 to latest available version nth-check/2.1.1.
An “Inefficient Regular Expression Complexity” vulnerability is not of any concern in a build tool. Feel safe to waive this security issue. Also look at this pinned post.