High Vulnerability - nth-check Regular Expression Denial of Service (ReDoS)

[GowthamiAmp]

react-scripts dependency package used nth-check@1.0.2 which is having high Vulnerability. But nth-check upgraded version has no vulnerability.
So please check the possibility to fix this vulnerability.

Path:
react-scripts@5.0.1 › @svgr/webpack@5.5.0 › @svgr/plugin-svgo@5.5.0 › svgo@1.3.2 › css-select@2.1.0 › nth-check@1.0.2

[tomdelahaba]

Seems the react-scripts team does not care about vulnerabilities there are more of them which are vulnerable, for example loader-utils as well which should be already updated to 3.x... it is (just today) 9 months since the last version release! No single minor version released, no info, nothing...

[jzombie]

I have a suspicion the project is no longer being maintained: https://news.ycombinator.com/item?id=34421816

[WilliamPriorielloGarda]

See #11174