Bump webpack-dev-server to 3.11.1 in react-scripts package #10338

Closed
raghunathsandilya opened this issue Jan 5, 2021 · 1 comment

@raghunathsandilya

Hi,
I used the OWASP Dependency Check plugin to detect security vulnerabilities in my React application built using the create-react-app CLI.
The critical issues are mainly due to these packages present in react-scripts:4.0.1:
[image]

Below are the steps to reproduce the issue:

  1. Create a React application using the create-react-app CLI.
  2. Use the OWASP dependency Maven/Jenkins plugin to scan the project.
  3. Open the report and see the results.

This is our package.json file:

```json
"dependencies": {
  "@material-ui/core": "^4.11.2",
  "bootstrap": "^4.5.3",
  "react": "^16.14.0",
  "react-bootstrap": "^1.4.0",
  "react-dom": "^16.14.0",
  "react-notifications-component": "3.0.3",
  "react-router-dom": "latest",
  "react-scripts": "^4.0.1"
}
```

The issue can be resolved by bumping the webpack-dev-server version to 3.11.1 in the react-scripts package. As of now, react-scripts is using the old version (3.11.0) of webpack-dev-server.
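
One way to confirm which copies of webpack-dev-server a lockfile actually pins before and after such a bump, as an added example that is not part of the original issue or of create-react-app. The function names and the sample lockfile are constructed for illustration; the 3.11.1 threshold is the version named in the issue.

```javascript
function parseVersion(v) {
  // Hypothetical helper: compares major.minor.patch only; prerelease/build suffixes are ignored (assumption).
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}
function isBelow(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  if (!a || !b) return false; // git URLs, tarballs etc. are not flagged
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}
// Returns [{ path, version }] for every installed copy of `name` older than `minimum`.
function findOutdated(lock, name, minimum) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + name) && isBelow(entry.version, minimum)) {
        hits.push({ path, version: entry.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, prefix) => {
    for (const [dep, entry] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + dep;
      if (dep === name && isBelow(entry.version, minimum)) {
        hits.push({ path, version: entry.version });
      }
      walk(entry.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not taken from the issue).
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    "react-scripts": { version: "4.0.1", dependencies: { "webpack-dev-server": { version: "3.11.0" } } },
    "webpack-dev-server": { version: "3.11.1" },
  },
};
console.log(findOutdated(SAMPLE_LOCK, "webpack-dev-server", "3.11.1"));
```

In a real project, pass the parsed contents of package-lock.json as the first argument; an empty result means no installed copy is older than the given minimum.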

@gaearon
Contributor

gaearon commented Feb 18, 2021

Fixed by #10312

@gaearon gaearon closed this as completed Feb 18, 2021