Skip to content
This repository has been archived by the owner on Aug 29, 2022. It is now read-only.

Check possible vulnerabilities in deps #135

Closed
gabmontes opened this issue Nov 14, 2018 · 3 comments
Closed

Check possible vulnerabilities in deps #135

gabmontes opened this issue Nov 14, 2018 · 3 comments
Assignees
@pablen

Comments

@gabmontes
Copy link
Member

No description provided.

@pablen
Copy link
Contributor

pablen commented Nov 14, 2018

Fixed in 06da62c.

There is a remaining vulnerability warning that cannot be addressed right now, but is not that critical in our use case as it is related to potential source code sniffing while developing using Hot Module Replacement, but our code is already open source.

Info on the vulnerability:
https://www.npmjs.com/advisories/725

To fix this we would need to update to create-react-app/react-scripts > 2.0.0 which is a breaking update and is not compatible with react-app-rewired, required by this project.

@pablen pablen closed this as completed Nov 14, 2018
@abenhamdine
Copy link

abenhamdine commented Nov 14, 2018
edited

Actually, react-app-rewired is still compatible with cra 2.1.1 (we use it everyday), it's just that it's no more maintained.

@pablen pablen reopened this Nov 14, 2018
@pablen
Copy link
Contributor

pablen commented Nov 14, 2018

Thanks for the clarification @abenhamdine!
Unfortunately, our current configuration doesn't seem to play well with CRA v2. I'll need to investigate further.

@pablen pablen closed this as completed Nov 14, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@pablen pablen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gabmontes @pablen @abenhamdine