Replace react-hot-loader - unmaintained, security (CVE-2021-44906)

Description

Overview:

react-hot-loader should be replaced because it is no longer maintained and has security issues.

Steps to Reproduce:

react-hot-loader hasn't been maintained since Jun 1, 2021. There are 116 open issues and 246 open pull requests as of March 22, 2022: https://github.com/gaearon/react-hot-loader

react-hot-loader has security vulnerabilities: https://nvd.nist.gov/vuln/detail/CVE-2020-7598 , https://nvd.nist.gov/vuln/detail/CVE-2021-44906

Steps to Fix:

The react-hot-loader maintainers say: "Please remove React-Hot-Loader": https://github.com/gaearon/react-hot-loader#moving-towards-next-step

The react-hot-loader maintainers advise to replace it by React Hot Refresh: https://github.com/facebook/react/issues/16604

Environment

None

Potential Workaround

None

Linked issues

Checklist

hide

TestRail: Results

Activity

Show:

Done

Details

Assignee

Mikita Siadykh

Reporter

Julian Ladisch

Labels

securityui-only

Priority

Story Points

Sprint

None

Development Team

Thunderjet

Fix versions

3.2.0

Release

Morning Glory (R2 2022)

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created March 22, 2022 at 10:13 AM

Updated April 7, 2022 at 1:28 PM

Resolved March 24, 2022 at 11:54 AM

Configure

TestRail: Cases

TestRail: Runs

Replace react-hot-loader - unmaintained, security (CVE-2021-44906)

Description

Environment

Potential Workaround

Linked issues

is cloned by

is duplicated by

relates to

Checklist

TestRail: Results

Activity

Details

Assignee

Reporter

Labels

Priority

Story Points

Sprint

Development Team

Fix versions

Release

TestRail: Cases

TestRail: Runs