Fix React security vulnerabilities via npm audit fix and overrides#277
Fix React security vulnerabilities via npm audit fix and overrides#277vmuralictr wants to merge 2 commits into
Conversation
Reduced vulnerabilities from 54 to 4 (all moderate, dev-only). Added package.json overrides for nth-check, postcss, serialize-javascript, @tootallnate/once, and underscore. Remaining 4 are locked in react-scripts uuid chain with no non-breaking fix available (CRA upstream limitation). Signed-off-by: vmuralictr <vmurali.ctr@gmail.com>
|
I tested this change today and ran into this error:
As I understand it, this error is being thrown because before Node.js 19 crypto requires explicit importing (it's not a global variable). Ubuntu 24.04 ships with version 18.19.1 - which we want to continue to support, so we'll want to find a way around this. @vmuralictr Do you want to adjust this PR to remove the serialize-javascript update that I noted inline? When I tested with that change, it worked fine. |
|
I spoke too soon. With this change applied the search results aren't working properly. I tested this change with the AlmaLinux 9 and Debian 11 and 12 sources loaded. When I search for "vim" it gives me 155 results, as expected. When I use the dropdown menu it seems to properly show just the results from Debian 11 & 12, but it shows no results for AlmaLinux 9 (it should show 2 results, like it does in Flask). I've included a few screenshots. 
|
Signed-off-by: vmuralictr <vmurali.ctr@gmail.com>
2 participants
Reduced vulnerabilities from 54 to 4 (all moderate, dev-only). Added package.json overrides for nth-check, postcss, serialize-javascript, @tootallnate/once, and underscore. Remaining 4 are locked in react-scripts uuid chain with no non-breaking fix available (CRA upstream limitation).