npm audit failure (high) due to "css-what" #11067
Comments
Would be great to get this prioritized 👍
So I am new to web development and using react. I recently realised that there are a lot of vulnerable packages in react-scripts. Those don't seem to be fixable with "npm audit fix" and require a manual review. I searched around and there doesn't seem to be a proper fix so far. Do we just have to wait for a new CRA version?
This same scenario happened a few weeks ago with the lib
Duplicate #11081
Another one is #11012
These warnings are false positives. There are no actual vulnerabilities affecting your app here. To fix That will remove the false positive warnings. I agree with the point in #11102 and will make this change so that new projects don't keep having these false positive warnings. If you want to discuss this, please comment in #11102.
Please see #11174.
Describe the bug
npm audit currently fails on react-scripts@4.0.3 due to a high security vulnerability in css-what. The dependency paths are as follows.
The respective npm advisory is at https://www.npmjs.com/advisories/1745.
Steps to reproduce
Expected behavior
npm audit can exit successfully.
Actual behavior
npm audit fails