by dane-pgp
2144 days ago
Thank you for your professionalism and humility. I too would like to apologise for not giving the full context and incorrectly suggesting that the vulnerability might actually affect apps created by CRA. I think that the real concern was not the non-existent security implications (although it's a bad habit to ignore even an overzealous audit checker), but that the release process for CRA seemed to make it very hard to cut new patch releases. Your comment suggests that it wasn't so hard after all, for which I am relieved and grateful, but the policy of expecting people to wait for (and deal with the backwards incompatibility of) major version updates[0] doesn't feel like an industry best practice.

[0] https://github.com/facebook/create-react-app/issues/9033#iss...