Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Issue with serialize-javascript #8100

Closed
RDIL opened this issue Dec 6, 2019 · 1 comment · Fixed by #8102
Closed

[Security] Issue with serialize-javascript #8100

RDIL opened this issue Dec 6, 2019 · 1 comment · Fixed by #8102
Labels
issue: bug report needs triage

Comments

@RDIL
Copy link
Contributor

RDIL commented Dec 6, 2019
edited
Loading

Right now, react-scripts relies on terser-webpack-plugin, which in turn relies on serialize-javascript. It will need a bump once released. This is causing GitHub to display security alerts on a lot of react repos. I am working to collaborate a fix downstream at terser-webpack-plugin, just opening this issue for meta.

NOTE: This WILL MOST LIKELY NOT HARM YOUR APP. The library is only used at build time.
@RDIL RDIL mentioned this issue Dec 6, 2019
Merged
@benjie benjie mentioned this issue Dec 7, 2019
Closed
@bvaughn bvaughn mentioned this issue Dec 9, 2019
Closed
@jadeleeuw jadeleeuw mentioned this issue Dec 10, 2019
Open
@weegeekps weegeekps mentioned this issue Dec 11, 2019
Closed
@AWIXOR-zz
Copy link

You can try adding serialize-javascript in the resolutions inside package.json so you can force it to use the last update. then run yarn upgrade. This worked for me.

@lock lock bot locked and limited conversation to collaborators Dec 19, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
issue: bug report needs triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Security] Update terser webpack plugin
2 participants
@RDIL @AWIXOR-zz