Oct 13

chiragmaniyar7 issue facebook/create-react-app


Regular Expression Denial of Service vulnerability in the browserslist and glob-parent.

There is a Regular Expression Denial of Service vulnerability in the browserslist and glob-parent dependencies.

Here is what the npm audit security report looks like:

    === npm audit security report ===

    Manual Review
    Some vulnerabilities require your attention to resolve

    Visit https://go.npm.me/audit-guide for additional guidance

    Moderate        Regular Expression Denial of Service
    Package         browserslist
    Patched in      >=4.16.5
    Dependency of   react-scripts
    Path            react-scripts > react-dev-utils > browserslist
    More info       https://npmjs.com/advisories/1747

    Moderate        Regular expression denial of service
    Package         glob-parent
    Patched in      >=5.1.2
    Dependency of   react-scripts
    Path            react-scripts > webpack > watchpack > watchpack-chokidar2 > chokidar > glob-parent
    More info       https://npmjs.com/advisories/1751

    Moderate        Regular expression denial of service
    Package         glob-parent
    Patched in      >=5.1.2
    Dependency of   react-scripts
    Path            react-scripts > webpack-dev-server > chokidar > glob-parent
    More info       https://npmjs.com/advisories/1751

    found 3 moderate severity vulnerabilities in 2498 scanned packages
    3 vulnerabilities require manual review. See the full report for details.

This is the dependency tree:

1. devDependencies: react-scripts > react-dev-utils > browserslist
2. devDependencies: react-scripts > webpack > watchpack > watchpack-chokidar2 > chokidar > glob-parent
3. devDependencies: react-scripts > webpack-dev-server > chokidar > glob-parent

The vulnerability has been fixed in browserslist version >= 4.16.5 (current version in react-scripts: 4.14.2).

The vulnerability has been fixed in glob-parent version > 5.1.2 (current version in react-scripts: 5.1.2).

Also, could you please let us know the ETAs planned for these vulnerabilities getting fixed in a react-scripts version?