Closed
Description
I get 20 moderate vulnerabilities when running `npx create-react-app`. Running `npm audit fix` does not fix it. Was wondering if this has been reported?
```
# npm audit report
hosted-git-info <3.0.8
Severity: moderate
Regular Expression Deinal of Service - https://npmjs.com/advisories/1677
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/hosted-git-info
normalize-package-data 2.0.0 - 2.5.0
Depends on vulnerable versions of hosted-git-info
node_modules/normalize-package-data
read-pkg <=5.2.0
Depends on vulnerable versions of normalize-package-data
node_modules/@jest/core/node_modules/read-pkg
node_modules/@jest/reporters/node_modules/read-pkg
node_modules/jest-config/node_modules/read-pkg
node_modules/jest-resolve/node_modules/read-pkg
node_modules/jest-runner/node_modules/read-pkg
node_modules/jest-runtime/node_modules/read-pkg
node_modules/jest-snapshot/node_modules/read-pkg
node_modules/read-pkg
read-pkg-up <=7.0.1
Depends on vulnerable versions of read-pkg
node_modules/@jest/core/node_modules/read-pkg-up
node_modules/@jest/reporters/node_modules/read-pkg-up
node_modules/jest-config/node_modules/read-pkg-up
node_modules/jest-resolve/node_modules/read-pkg-up
node_modules/jest-runner/node_modules/read-pkg-up
node_modules/jest-runtime/node_modules/read-pkg-up
node_modules/jest-snapshot/node_modules/read-pkg-up
node_modules/read-pkg-up
eslint-plugin-import >=2.3.0
Depends on vulnerable versions of read-pkg-up
node_modules/eslint-plugin-import
eslint-config-react-app 2.0.0 - 3.0.0-next.fb6e6f70 || >=6.0.0-next.64
Depends on vulnerable versions of eslint-plugin-import
node_modules/eslint-config-react-app
react-scripts >=1.0.11
Depends on vulnerable versions of eslint-config-react-app
Depends on vulnerable versions of eslint-plugin-import
Depends on vulnerable versions of jest-resolve
node_modules/react-scripts
jest-resolve 25.4.0 - 26.4.0 || 26.5.2 - 26.6.2
Depends on vulnerable versions of read-pkg-up
node_modules/@jest/core/node_modules/jest-resolve
node_modules/@jest/reporters/node_modules/jest-resolve
node_modules/jest-config/node_modules/jest-resolve
node_modules/jest-resolve
node_modules/jest-runner/node_modules/jest-resolve
node_modules/jest-runtime/node_modules/jest-resolve
node_modules/jest-snapshot/node_modules/jest-resolve
@jest/core 25.4.0 - 25.5.4 || 26.5.2 - 26.6.3
Depends on vulnerable versions of jest-resolve
node_modules/@jest/core
jest 25.4.0 - 25.5.4 || 26.5.2 - 26.6.3
Depends on vulnerable versions of @jest/core
node_modules/jest
jest-cli 25.4.0 - 25.5.4 || 26.5.2 - 26.6.3
Depends on vulnerable versions of @jest/core
node_modules/jest-cli
@jest/reporters 25.4.0 - 25.5.1 || 26.5.2 - 26.6.2
Depends on vulnerable versions of jest-resolve
node_modules/@jest/reporters
jest-config 25.4.0 - 25.5.4 || 26.5.2 - 26.6.3
Depends on vulnerable versions of jest-resolve
node_modules/jest-config
jest-runner 25.4.0 - 25.5.4 || 26.5.2 - 26.6.3
Depends on vulnerable versions of jest-resolve
node_modules/jest-runner
jest-circus 25.4.0 - 25.5.4 || 26.5.2 - 26.6.3
Depends on vulnerable versions of jest-runner
Depends on vulnerable versions of jest-runtime
node_modules/jest-circus
jest-runtime 25.4.0 - 25.5.4 || 26.5.2 - 26.6.3
Depends on vulnerable versions of jest-resolve
node_modules/jest-runtime
@jest/test-sequencer 25.4.0 - 25.5.4 || 26.5.2 - 26.6.3
Depends on vulnerable versions of jest-runtime
node_modules/@jest/test-sequencer
jest-jasmine2 25.4.0 - 25.5.4 || 26.5.2 - 26.6.3
Depends on vulnerable versions of jest-runtime
node_modules/jest-jasmine2
jest-snapshot 25.4.0 - 25.5.1 || 26.5.2 - 26.6.2
Depends on vulnerable versions of jest-resolve
node_modules/jest-snapshot
jest-resolve-dependencies 25.4.0 - 25.5.4 || 26.5.2 - 26.6.3
Depends on vulnerable versions of jest-snapshot
node_modules/jest-resolve-dependencies
20 moderate severity vulnerabilities
```