Fix react-scripts vulnerabilities

[faroscore]

There are a new high vulnerability with Memory Exposure that appears in nested dependency dns-packet (https://npmjs.com/advisories/1745) and moderate vulnerability with Regular Expression Denial of Service that appears in nested dependency browserslist (https://npmjs.com/advisories/1747)

[Bismarck-GM]

Same as @faroscore. Most of my warnings coming from react-scripts package dependencies. Any update soon?

[croraf]

The problem is this bonjour that hasn't been updated last 5 years :O . watson/bonjour#63 the issue on bonjor has been opened today.

react-dev-utils package should update "browserslist" dependency though.

[mvmories]

Same as the above comments. Looking forward for some updates

[IevgeniiK-AVISPL]

Same situation...

[stahlmanDesign]

Same as #11007

[ritikasib]

facing same issue with postcss vulnerabilities as well

[Anacrius]

Having the same problems with dns-packet and postcss

[jp94]

My understanding is that dns-packet@1.3.3 has the patch, and we are waiting on the advisory to update? I did a fresh npm install today, and package-lock shows dns-packet@1.3.4.

mafintosh/multicast-dns#75

[cogrod17]

Same problems here. Browserslist, postcss, and dns-packet. Uninstalling react-scripts gets rid of the vulnerabilities (of course not a solution).

[juanpedropuig]

Same problem here #11012, waiting for some update

[croraf]

dns-packet should be fixed within that library now. Run "audit fix" to fix it.

[gregmarr]

See also #10928 and and the PRs #10135 and #10697

[Primajin]

I can confirm that npm audit fix fixes the high severity issue with dns-packet.
However there are still 80 moderate vulnerabilities though.