Update dependency react-dev-utils to v11 [SECURITY]#335

Open

renovate[bot] wants to merge 1 commit intomasterfrom

renovate/npm-react-dev-utils-vulnerability

Contributor

renovate bot commented Aug 6, 2024 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Confidence
react-dev-utils (source)	`7.0.5` → `11.0.4`

GitHub Vulnerability Alerts

CVE-2021-24033

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.

Release Notes

facebook/create-react-app (react-dev-utils)

`v11.0.3`

`v11.0.2`

`v11.0.1`

`v11.0.0`

`v10.2.1`

`v10.2.0`

`v10.1.0`

`v10.0.0`

`v9.1.0`

`v9.0.4`

`v9.0.3`

`v9.0.2`

`v9.0.1`

`v9.0.0`

`v8.0.0`

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch 2 times, most recently from 0900373 to dbda6cb Compare

August 13, 2025 14:52

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from dbda6cb to 7a01dd9 Compare

August 19, 2025 18:41

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from 7a01dd9 to 734e039 Compare

August 31, 2025 11:32

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from 734e039 to 8715258 Compare

September 25, 2025 20:36

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from 8715258 to 3e8acd1 Compare

October 21, 2025 10:57

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from 3e8acd1 to cacb335 Compare

November 10, 2025 23:58

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from cacb335 to 74fa9f1 Compare

November 18, 2025 18:36

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from 74fa9f1 to 4355390 Compare

December 3, 2025 18:49

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from 4355390 to 73cb4a8 Compare

December 31, 2025 13:57

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from 73cb4a8 to e13bdb4 Compare

January 8, 2026 17:46

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from e13bdb4 to c8300f2 Compare

January 19, 2026 16:45

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from c8300f2 to 5292b02 Compare

February 2, 2026 18:51

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from 5292b02 to 4704689 Compare

February 12, 2026 11:30


          Update dependency react-dev-utils to v11 [SECURITY]

a7486b1

renovate bot force-pushed the renovate/npm-react-dev-utils-vulnerability branch from 4704689 to a7486b1 Compare

February 17, 2026 16:43

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet