App: [Hold for payment 2022-11-15] [$250] Update @svgr/webpack to version 6.0.0
If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!
Problem
The package nth-check@1.0.2 has a security vulnerability introduced through @svgr/webpack@5.5.0, fixed in nth-check@2.0.1.
$ npm list nth-check
new.expensify@1.2.14-0 /Users/flo/Expensidev/App
├─┬ @storybook/react@6.5.10
│ └─┬ @storybook/core@6.5.10
│   └─┬ @storybook/core-server@6.5.10
│     ├─┬ @storybook/builder-webpack4@6.5.10
│     │ └─┬ html-webpack-plugin@4.5.2
│     │   └─┬ pretty-error@2.1.2
│     │     └─┬ renderkid@2.0.7
│     │       └─┬ css-select@4.3.0
│     │         └── nth-check@2.1.1 deduped
│     └─┬ @storybook/manager-webpack4@6.5.10
│       └─┬ html-webpack-plugin@4.5.2
│         └─┬ pretty-error@2.1.2
│           └─┬ renderkid@2.0.7
│             └─┬ css-select@4.3.0
│               └── nth-check@2.1.1 deduped
├─┬ @svgr/webpack@5.5.0
│ └─┬ @svgr/plugin-svgo@5.5.0
│   └─┬ svgo@1.3.2
│     └─┬ css-select@2.1.0
│       └── nth-check@1.0.2
├─┬ html-webpack-plugin@5.5.0
│ └─┬ pretty-error@4.0.0
│   └─┬ renderkid@3.0.0
│     └─┬ css-select@4.3.0
│       └── nth-check@2.1.1 deduped
└─┬ react-native-svg@12.4.4
  └─┬ css-select@5.1.0
    └── nth-check@2.1.1
Solution
Upgrade to @svgr/webpack@6.0.0
Expensify/Expensify Issue URL: https://github.com/Expensify/Expensify/issues/218325
Upwork URL: https://www.upwork.com/jobs/~01615065cda2c02b5a
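Added example (not part of the original issue or of the Expensify code base): a small Node.js check that walks an `npm ls --json` style tree and reports every dependency chain that ends in a package below its fixed version, here nth-check below 2.0.1. The function names `isBelow` and `findVulnerablePaths` are hypothetical, and `sampleTree` is a constructed subset mirroring the tree above, not captured output.

```javascript
// Constructed sample shaped like `npm ls nth-check --json` output,
// reduced to two branches of the tree shown in the issue.
const sampleTree = {
  name: 'new.expensify',
  version: '1.2.14-0',
  dependencies: {
    '@svgr/webpack': { version: '5.5.0', dependencies: {
      '@svgr/plugin-svgo': { version: '5.5.0', dependencies: {
        svgo: { version: '1.3.2', dependencies: {
          'css-select': { version: '2.1.0', dependencies: {
            'nth-check': { version: '1.0.2' } } } } } } } } },
    'react-native-svg': { version: '12.4.4', dependencies: {
      'css-select': { version: '5.1.0', dependencies: {
        'nth-check': { version: '2.1.1' } } } } },
  },
};

// Compare plain x.y.z versions numerically.
// Simplification (assumption): pre-release tags are ignored.
function isBelow(version, fixed) {
  const a = version.split('-')[0].split('.').map(Number);
  const b = fixed.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false; // equal versions are not below the fix
}

// Walk the tree and return every dependency chain ending in pkg@<fixed.
function findVulnerablePaths(node, pkg, fixed, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const chain = [...trail, `${name}@${dep.version}`];
    if (name === pkg && dep.version && isBelow(dep.version, fixed)) {
      hits.push(chain);
    }
    hits.push(...findVulnerablePaths(dep, pkg, fixed, chain));
  }
  return hits;
}

// Each printed chain starts at the top-level dependency that needs upgrading.
const paths = findVulnerablePaths(sampleTree, 'nth-check', '2.0.1');
for (const p of paths) console.log(p.join(' > '));
```

Running the same check after the upgrade should return an empty list if no other top-level dependency still pulls in an affected nth-check.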
About this issue
- State: closed
- Created 2 years ago
- Comments: 50 (29 by maintainers)
Commits related to this issue
- Revert "Fix #11797 upadte @svgr/webpack to version 6.0.0" — committed to Expensify/App by AndrewGable 2 years ago
Nice speedy work!
Cool, should I apply to Upwork?
Settled up, checklist complete.
Cool, let me know if I need to update or investigate anything.
@Santhosh-Sellavel Sure. It’s already in my PR.
Cool, so once @Gonals gives this the all clear, I’ll send the offer!
@Santhosh-Sellavel can you please review the proposals from @hungvu193 and @gadhiyamanan