release react-dev-utils 11.0.5 #11641
Comments
Hey, do we think we could get a look at this?
Hey creators, tagging you because this is a critical vulnerability in
I'd appreciate input from someone who is a security expert or at least knows enough to be able to confirm this is a false positive, though in all probability this is just another false positive instance of #11174. Valid workarounds at the time of writing are to see if moving to
@pzrq It is not a false positive, because you do not know how the consumers of the package use it. For example using
This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in 5 days if no further activity occurs.
Describe the bug
There was a security bug in immer 8.0.1 and react-dev-utils is now using 9.0.6 but react-dev-utils' version hasn't been bumped ever since, so consumers are still getting the impacted version of immer.
Can we please publish a new version?