Vulnerability issue of css-what and normalize-url #11131

shivanibad · 2021-06-21T14:41:20Z

I am having the issues (screenshot attached) of css-what and normalize-url in my project app. Kindly look into it and help me resolve the issue.

croraf · 2021-06-21T15:52:26Z

Can this be closed in favor of: #11012 ?

rhalaly · 2021-06-28T09:59:39Z

These vulnerabilities have been around for a long time. Is there any plan to fix them??

gaearon · 2021-07-02T16:39:47Z

These warnings are false positives. There are no actual vulnerabilities affecting your app here.

To fix npm audit warnings, move react-scripts from dependencies to devDependencies in your package.json.

That will remove the false positive warnings.

I agree with the point in #11102 and will make this change so that new projects don't keep having these false positive warnings.

If you want to discuss this, please comment in #11102.

gaearon · 2021-07-02T17:05:24Z

Please see #11174.

shivanibad added issue: bug report needs triage labels Jun 21, 2021

stahlmanDesign mentioned this issue Jun 21, 2021

Rethink decision to make react-scripts a dependency instead of a devDependency #11102

Open

gaearon closed this as completed Jul 2, 2021

facebook locked as resolved and limited conversation to collaborators Jul 2, 2021

Provide feedback