Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Vulnearability: content-type-parser@1.0.2
See original GitHub issueThe react-scripts@1.1.0 introduces a security issue, as properly described by Snky.io.
This is because this versions added (or updated) the dependency content-type-parser@1.0.2, which leads to a security issue of Regular Expression Denial of Service (ReDoS).
All the information can be found on the links described above.
But, just in case, here is the remediation copied from snyk.io page:
Remediation
There is no fix for content-type-parser. The package was renamed from content-type-parser to whatwg-mimetype, which fixes the issue in version 2.0.0.
Issue Analytics
- State:
- Created 6 years ago
- Comments:7 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I don’t understand how this vulnerability is relevant to what we do.
This package is only used for development (in tests), not for production. How can somebody possibly DDoS your development environment?
Exactly @wtgtybhertgeghgtwtg, I’m still pretty new to the react ecosystem. And the bot snyk.io warning freaked me out.
At least you guys are aware and in next releases, maybe on 2.0.0, i don’t know, it will be fixed.
I shall learn from once for all to setup the webpack myself. hehehe