Home > Mobile >  github Dependabot alert: Inefficient Regular Expression Complexity in nth-check
github Dependabot alert: Inefficient Regular Expression Complexity in nth-check

Time:03-04

Possible duplicate, but couldn't find any clear answers.

Dependabot cannot update nth-check to a non-vulnerable version The latest possible version that can be installed is 1.0.2 because of the following >conflicting dependency:

[email protected] requires nth-check@^1.0.2 via a transitive dependency on [email protected]

just upgraded to [email protected] from 4.0.0.

CodePudding user response:

As Dan Abramov explains in this issue, it is (very likely) a false alarm and can be safely dismissed.

More specifically, if you are using CRA and nth-check is referenced only from it, it is not an issue, because CRA is a build tool and the vulnerable code will never get into the resulting application bundle and thus will never be called by client code.

You can verify this by moving "react-scripts" into "devDependencies" in package.json and running npm audit --production.

  • Related