[DevTools Bug]: react-devtools depends on vulnerable version of electron

This issue has been created since 2022-11-11.

Website or app

https://github.com/facebook/react/blob/main/packages/react-devtools/package.json

Repro steps

Issue

electron package versions <18.3.7 suffer from a security vulnerability: "Exfiltration of hashed SMB credentials on Windows via file:// redirect".
See GHSA-p2jh-44qj-pf2v

Solution

Upgrade electron dependency in react-devtools to >18.3.7

How often does this bug happen?

Every time

DevTools package (automated)

No response

DevTools version (automated)

No response

Error message (automated)

No response

Error call stack (automated)

No response

Error component stack (automated)

No response

GitHub query string (automated)

No response

More Details About Repo
Owner Name facebook
Repo Name react
Full Name facebook/react
Language JavaScript
Created Date 2013-05-24
Updated Date 2022-12-01
Star Count 198482
Watcher Count 6646
Fork Count 41196
Issue Count 1106

YOU MAY BE INTERESTED

Issue Title Created Date Comment Count Updated Date
feat: add progress and/or periodic output as tests are running 0 2022-06-04 2022-07-08
"No common key algorithm" error when connect to ssh server 3 2022-10-08 2022-11-19
Allow setting resolution 2 2018-07-18 2022-11-23
Trying to run save / find query, but throws error "Error during save query on DB -> ResponseError: User meg has no ALTER permission on <keyspace> or any of its parents" 1 2022-03-16 2022-10-10
[Theme Request] Illyasviel von Einzbern (Fate/kaleid liner Prisma Illya) 1 2021-10-09 2022-11-15
[Theme Request] Raphtalia (Tate no Yuusha) 1 2021-09-25 2022-11-15
Uri::decode cannot get the correct result 1 2020-09-06 2022-09-15
iManufactorer, iProfuct and iSerialNumber show "Error Accessing string" on Linux 1 2022-03-28 2022-11-22
How the model be pruned and accelerated? 1 2021-06-22 2022-11-20
Finding matches between images of two different sizes 0 2021-05-24 2022-11-20
replace findn(A) with findnz(A) 2 2022-09-13 2022-10-28
AWARENESS: New Image Builder repo! 0 2022-06-03 2022-10-30
Updating/Rebuilding occasionally rebuilds way too many packages 7 2021-11-15 2022-11-17
python3.7的dockerfile构建之后运行报错 2 2021-09-05 2022-11-30
ISP force reconnect evry 24 hours lead to "failed (28, 'Opertion to slow. Less than 5bytes/sec transferred the last 120 seconds') 4 2022-01-09 2022-10-25
[Bug]The Publishers.ReceiveOn may lead to subscriber never receive the published single when schedule is concurrent queue. 0 2022-06-02 2022-11-19
Notion - Make it possible to get more than 100 pages on database query 0 2022-01-03 2022-11-04
WABP: incoming webhook message with type unknown incl. some errors 0 2022-07-28 2022-11-06
Faster boosting time if no changes happen since last build. 1 2021-10-12 2022-10-26
[watermill-sql] Nacked message stays within one consumer 1 2021-03-04 2022-11-21
Can I use Jline to set the cursor position in the console like I can with C# with Console.SetCursorPosition(x,y)? 1 2022-02-25 2022-11-23
Import transactions from Nordigen - No duplicate detected 3 2021-12-04 2022-08-16
Bad Request. not a valid rfc 3339 formatted date 0 2021-12-06 2022-10-16
Blocks that have `supports.className` set to false still render block class name in editor 1 2022-07-20 2022-10-08
Errors importing using v3 (ESM) inside of Node (CommonJS) project 8 2022-03-11 2022-09-10
如何关闭主题代码高亮功能? 2 2021-01-05 2022-01-10
Not able to install grafana datasource plugin 8 2021-11-17 2022-11-15
It freezes on "Busy" in various random times 14 2017-11-29 2022-11-27
[GLPI 10] Cannot see & add_column on Problems & changes Kanban 0 2022-03-17 2022-11-02
Why are you not uploading? 0 2021-06-28 2022-05-17
Expo Go client keep crashing on start in iOS Simulator? [Intel chip] 3 2022-08-26 2022-09-01
Action Required: Fix Renovate Configuration 0 2021-05-29 2022-11-13
AVA Test fails due to timeout, however, exit code 0 is returned 2 2022-08-30 2022-11-15
Do not strip repeat spaces from title 1 2022-09-30 2022-11-15
Invalid execArgv for worker threads causes a subsequent TypeError 5 2022-10-31 2022-11-15
build.webconverger.com broken 1 2021-07-14 2022-11-22
Release a new version compatible with Micronaut 3.0 0 2021-06-17 2022-11-18
Firebase deploy function with secret does not set secret env 1 2022-05-11 2022-10-26
Also export a high-res, non-full-bleed version 6 2019-04-29 2022-11-30
Importing .9.png does not work 1 2018-04-09 2022-11-10
Documentation: Fixes ItemRequestOptions to use items instead of document for Triggers 6 2021-11-22 2022-10-23
[Bug] Product page Error 500 1 2021-10-12 2022-11-19
Prepare for Gradle v8 1 2021-08-04 2022-11-02
Lifetimes should be able to use raw identifiers 1 2022-06-05 2022-11-20
iOS Framework Crash on dealloc, in waitUntilDoneWithError 3 2021-10-29 2022-11-13
Mix of go back navigation and go back edit location 7 2022-07-21 2022-11-27
Secured Push Notifications not loading content on ios 10 2022-05-16 2022-10-27
Doc max height is not being honored 0 2021-06-06 2022-10-14
minikube should suggest "disabling internet sharing" for hyperkit in case of problem 2 2021-11-04 2022-11-19
[Security Solution] Detection and Response dashboard is not available by default under security. 5 2022-06-02 2022-11-19