Security: 4 Electron (react-devtools dep) security advisories #19279
Comments
dobrite
added
the
Status: Unconfirmed
|
Interested in contributing the ugprade? |
bvaughn
added
Component: Developer Tools
good first issue
Type: Security
and removed
Status: Unconfirmed
|
I'm interested but unfortunately I do not have time to dedicate to moving this through. Hopefully someone else will jump in and tackle this. |
|
Looks like someone else jumped on it already 😄 I'll review the PR in the morning. |
|
Fix published as v4.8 https:/facebook/react/blob/master/packages/react-devtools/CHANGELOG.md#480-july-9-2020 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
React version:
16.8.6There were 4 security issues filed against
electron, whichreact-devtoolshas as a dep. The lowest version that fixes all 4 is7.2.4but the version requirement ofelectronforreact-devtoolsis^5.0.0.I freely admit that a good solution is to install
react-devtoolsas a dev dependency, but for "reasons" that does not work for us. There are likely others out there in similar situations.These were buried deep in the releases so I am including the links here:
Electron Changelog from 5 -> 6
Electron Changelog from 6 -> 7
Thank you so much for any advice that you may be able to provide. Also thank you for all the work that you do. React, it's community, and it's ecosystem are awesome! 😎
The text was updated successfully, but these errors were encountered: