Upgrade `immer` in `react-dev-utils` #11454

leleabhinav · 2021-09-17T19:24:06Z

Upgrades immer and bump version for react-dev-utils

petetnt · 2021-09-18T13:44:33Z

Hi @leleabhinav, thanks for the PR! There's already a dependabot PR tracking this, so closing this is as duplicate of #11364 :)

davilima6 · 2021-11-07T09:53:56Z

Can we reopen this PR considering

it fixes a critical vulnerability from immer <= 9.0.5
the Dependabot's PR has a wider scope, is marked as stale, is red on CI and looks not trivial to merge

$ npm audit
...
immer  <=9.0.5
Severity: critical
Prototype Pollution in immer - https://github.com/advisories/GHSA-33f9-j839-rf8h
Prototype Pollution in immer - https://github.com/advisories/GHSA-9qmh-276g-x5pj

leleabhinav added 2 commits September 17, 2021 15:10

upgrade-immer

4b2d8ad

add-package-lock

2710638

leleabhinav requested review from iansu, mrmckeb and petetnt as code owners September 17, 2021 19:24

facebook-github-bot added the CLA Signed label Sep 17, 2021

bump-version

c8a9527

leleabhinav changed the title ~~Upgrade immer~~ Upgrade immer in react-dev-utils Sep 17, 2021

petetnt mentioned this pull request Sep 18, 2021

Another critical vulnerability with immer #11450

Closed

petetnt closed this Sep 18, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade `immer` in `react-dev-utils` #11454

Upgrade `immer` in `react-dev-utils` #11454

leleabhinav commented Sep 17, 2021 •

edited

Loading

petetnt commented Sep 18, 2021

davilima6 commented Nov 7, 2021 •

edited

Loading

Upgrade immer in react-dev-utils #11454

Upgrade immer in react-dev-utils #11454

Conversation

leleabhinav commented Sep 17, 2021 • edited Loading

petetnt commented Sep 18, 2021

davilima6 commented Nov 7, 2021 • edited Loading

Upgrade `immer` in `react-dev-utils` #11454

Upgrade `immer` in `react-dev-utils` #11454

leleabhinav commented Sep 17, 2021 •

edited

Loading

davilima6 commented Nov 7, 2021 •

edited

Loading