react-scripts has dependency with vulnerabilities

[rvyh]

Down the line of hierarchy there is a dependency with vulnerabilities, according to the code inspection tool we use at work:

"react-scripts" "4.0.3" has “webpack" "4.44.2" has "terser-webpack-plugin" "1.4.5" has “cacache" "12.0.4" has ssri 6.0.1

ssri 6.0.1 has vulnerabilities. Safe version is 8.0.1

The latest version of webpack within 4 is 4.46.0, but it also installs ssri 6.0.1.

How to solve this issue?

*** edit ***

I see an open issue here #10699 but I'll keep this post open in case someone knows how to solve this issue, ejecting from create-react-app or something.

[gregorymey-dev]

Down the line of hierarchy there is a dependency with vulnerabilities, according to the code inspection tool we use at work:

"react-scripts" "4.0.3" has “webpack" "4.44.2" has "terser-webpack-plugin" "1.4.5" has “cacache" "12.0.4" has ssri 6.0.1

ssri 6.0.1 has vulnerabilities. Safe version is 8.0.1

The latest version of webpack within 4 is 4.46.0, but it also installs ssri 6.0.1.

How to solve this issue?

*** edit ***

I see an open issue here #10699 but I'll keep this post open in case someone knows how to solve this issue, ejecting from create-react-app or something.

And #10698 - This is a more detailed security issue logged.