Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

React: fix security warnings #1026

Merged
merged 2 commits into from
Jan 28, 2022
Merged

React: fix security warnings #1026

merged 2 commits into from
Jan 28, 2022

Conversation

kevinlul
Copy link
Collaborator

All resolved by re-resolving CRA dependencies (yarn upgrade react-scripts), though the vulnerabilities aren't actually on the live codepath.

Can confirm with yarn audit that there are no complaints now.

All resolved by re-resolving CRA dependencies (yarn upgrade react-scripts), though the vulnerabilities aren't actually on the live codepath.
@github-actions github-actions bot added dependencies Pull requests that update a dependency file frontend React labels Jan 27, 2022
@kevinlul kevinlul requested a review from jennyziyi-xu January 27, 2022 17:04
@jennyziyi-xu
Copy link
Collaborator

jennyziyi-xu commented Jan 28, 2022

We are not supposed to see any vulnerabilities right? I am getting 2 vulnerabilities when running "yarn audit"
Screen Shot 2022-01-28 at 1 40 34 PM

@kevinlul
Copy link
Collaborator Author

I guess more got flagged since. Again, they aren't really on used codepaths. The first needs CRA to update SVGR per facebook/create-react-app#11780. The latter needs CRA to update resolve-url-loader one major version as well.

Copy link
Collaborator

@jennyziyi-xu jennyziyi-xu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@kevinlul kevinlul merged commit 1fdb3de into master Jan 28, 2022
@kevinlul kevinlul deleted the kevinlul/react-update branch January 28, 2022 21:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file frontend React
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants