Closed
Description
Hi,
I used the OWASP Dependency Check plugin to detect security vulnerabilities in my ReactJS application built using the create-react-app CLI.
Mainly, the critical issues are due to these packages present in react-scripts 4.0.1:
Below are the steps to reproduce the issue:
- Create a React application using the create-react-app CLI.
- Use the OWASP Dependency Check Maven/Jenkins plugin to scan the project.
- Open the report and see the results.
This is our package.json file:
```json
"dependencies": {
  "@material-ui/core": "^4.11.2",
  "bootstrap": "^4.5.3",
  "react": "^16.14.0",
  "react-bootstrap": "^1.4.0",
  "react-dom": "^16.14.0",
  "react-notifications-component": "3.0.3",
  "react-router-dom": "latest",
  "react-scripts": "^4.0.1"
}
```
The issue can be resolved by bumping the webpack-dev-server version to 3.11.1 in the react-scripts package. As of now, react-scripts is using the old version (3.11.0) of webpack-dev-server.
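As an added example that is not part of the original issue or of react-scripts: before or after running the scanner, it helps to confirm which copies of webpack-dev-server the lock file actually resolves, because a newer copy hoisted to the top level does not replace a copy nested under react-scripts. The script below walks a package-lock.json (both the nested "dependencies" tree of lockfileVersion 1 used by npm 6 and the flat "packages" map of lockfileVersion 2/3 used by npm 7+), lists every resolved copy of a package, and flags copies below a minimum version. The two lock files are constructed for the demo; the hoisted 3.11.1 copy is hypothetical, and the 3.11.1 minimum is taken from the claim in this report.

```javascript
// Added example, not code from the original issue or from react-scripts.
// Finds every resolved copy of a (transitive) dependency in a package-lock.json
// and reports the ones below a minimum version.

function parseSemver(v) {
  // Accepts "1.2.3", "v1.2.3", "1.2.3-beta.1"; returns [major, minor, patch].
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareSemver(a, b) {
  // -1 if a < b, 0 if equal, 1 if a > b (prerelease tags are ignored on purpose).
  const pa = parseSemver(a), pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Returns [{ path, version }] for every copy of `name` in the lock file.
function findCopies(lock, name) {
  const found = [];
  if (lock.packages) {
    // lockfileVersion 2/3: keys look like "node_modules/a/node_modules/b".
    const marker = 'node_modules/';
    for (const [key, entry] of Object.entries(lock.packages)) {
      const idx = key.lastIndexOf(marker);
      if (idx === -1) continue; // "" is the root project itself
      if (key.slice(idx + marker.length) === name) {
        found.push({ path: key, version: entry.version });
      }
    }
    return found;
  }
  // lockfileVersion 1: every entry may carry its own nested "dependencies".
  const walk = (deps, prefix) => {
    for (const [depName, entry] of Object.entries(deps || {})) {
      const path = prefix ? `${prefix} > ${depName}` : depName;
      if (depName === name) found.push({ path, version: entry.version });
      walk(entry.dependencies, path);
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Copies of `name` whose resolved version is below `minVersion`.
function outdatedCopies(lock, name, minVersion) {
  return findCopies(lock, name).filter(c => compareSemver(c.version, minVersion) < 0);
}

// Human-readable summary, one line per resolved copy.
function report(lock, name, minVersion) {
  return findCopies(lock, name)
    .map(c => `${c.path}@${c.version}` +
      (compareSemver(c.version, minVersion) < 0 ? `  <-- below ${minVersion}` : ''))
    .join('\n');
}

// Constructed npm 6 (lockfileVersion 1) lock file. react-scripts pins its own
// nested webpack-dev-server 3.11.0; the top-level 3.11.1 copy is hypothetical.
const SAMPLE_LOCK_V1 = {
  name: 'my-app', lockfileVersion: 1,
  dependencies: {
    'react-scripts': {
      version: '4.0.1',
      requires: { 'webpack-dev-server': '3.11.0' },
      dependencies: { 'webpack-dev-server': { version: '3.11.0' } },
    },
    'webpack-dev-server': { version: '3.11.1' },
  },
};

// The same layout as a constructed npm 7+ (lockfileVersion 2) lock file.
const SAMPLE_LOCK_V2 = {
  name: 'my-app', lockfileVersion: 2,
  packages: {
    '': { name: 'my-app', dependencies: { 'react-scripts': '^4.0.1' } },
    'node_modules/react-scripts': { version: '4.0.1' },
    'node_modules/react-scripts/node_modules/webpack-dev-server': { version: '3.11.0' },
    'node_modules/webpack-dev-server': { version: '3.11.1' },
  },
};

console.log(report(SAMPLE_LOCK_V1, 'webpack-dev-server', '3.11.1'));
console.log(report(SAMPLE_LOCK_V2, 'webpack-dev-server', '3.11.1'));
```

To run it against a real project, replace the constructed objects with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`. The nested copy is the one react-scripts loads when you run `npm start`, so bumping the top-level dependency alone, or seeing 3.11.1 in `npm ls --depth=0`, does not remove the flagged path; only a react-scripts release that requires 3.11.1, or an override of the nested resolution, does.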