React scripts ( "react-scripts": "^5.0.1") is using (@svgr/webpack@5.5.0) which has security vulnerability in one of its dependend packages.

[vishranti5]

React scripts ( "react-scripts": "^5.0.1") is using (@svgr/webpack@5.5.0) which has security vulnerability in one of its dependent packages.is it possible to upgrade this package (@svgr/webpack) to latest version in react script?

here is the hierarchy of vulnerable package ( nth-check@1.0.2)
-- react-scripts@5.0.1
+-- @svgr/webpack@5.5.0
| -- @svgr/plugin-svgo@5.5.0 | -- svgo@1.3.2
| -- css-select@2.1.0 | -- nth-check@1.0.2

so if we upgrade the @svgr/webpack@5.5.0 to @svgr/webpack@8.1.0 which is latest all the dependent packages will be upgraded.

[wtfiwtz]

#13337