You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now, react-scripts relies on terser-webpack-plugin, which in turn relies on serialize-javascript. It will need a bump once released. This is causing GitHub to display security alerts on a lot of react repos. I am working to collaborate a fix downstream at terser-webpack-plugin, just opening this issue for meta.
NOTE: This WILL MOST LIKELY NOT HARM YOUR APP. The library is only used at build time.
The text was updated successfully, but these errors were encountered:
You can try adding serialize-javascript in the resolutions inside package.json so you can force it to use the last update. then run yarn upgrade. This worked for me.
lockbot
locked and limited conversation to collaborators
Dec 19, 2019
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Right now,
react-scripts
relies onterser-webpack-plugin
, which in turn relies onserialize-javascript
. It will need a bump once released. This is causing GitHub to display security alerts on a lot of react repos. I am working to collaborate a fix downstream atterser-webpack-plugin
, just opening this issue for meta.NOTE: This WILL MOST LIKELY NOT HARM YOUR APP. The library is only used at build time.
The text was updated successfully, but these errors were encountered: