Description
Describe the bug
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - GHSA-rp65-9cf3-cjxr
fix available via npm audit fix --force
node_modules/react-scripts/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/react-scripts/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/react-scripts/node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/react-scripts/node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/react-scripts/node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
node_modules/react-scripts
It looks like the package for react-scripts, when we get it from npm.com, refers to the library nth-check v1.0.2,
which seems to cause the vulnerability.
├─┬ css-select@5.1.0
│ └── nth-check@2.1.1 deduped
├── nth-check@2.1.1
└─┬ react-scripts@5.0.1
  ├─┬ @svgr/webpack@5.5.0
  │ └─┬ @svgr/plugin-svgo@5.5.0
  │   └─┬ svgo@1.3.2
  │     └─┬ css-select@2.1.0
  │       └── nth-check@1.0.2
  ├─┬ css-minimizer-webpack-plugin@3.4.1
  │ └─┬ cssnano@5.1.15
  │   └─┬ cssnano-preset-default@5.2.14
  │     └─┬ postcss-svgo@5.1.0
  │       └─┬ svgo@2.8.0
  │         └─┬ css-select@4.3.0
  │           └── nth-check@2.1.1 deduped
  └─┬ html-webpack-plugin@5.5.3
    └─┬ pretty-error@4.0.0
      └─┬ renderkid@3.0.0
        └─┬ css-select@4.3.0
          └── nth-check@2.1.1 deduped
Did you try recovering your dependencies?
(Write your answer here.)
Which terms did you search for in User Guide?
(Write your answer here if relevant.)
Environment
System:
OS: Windows 10 10.0.19045
CPU: (6) x64 Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz
Binaries:
Node: 16.17.0 - C:\Program Files\nodejs\node.EXE
Yarn: Not Found
npm: 9.8.0 - C:\Program Files\nodejs\npm.CMD
Browsers:
Chrome: Not Found
Edge: Spartan (44.19041.1266.0), Chromium (114.0.1823.79)
Internet Explorer: 11.0.19041.1566
npmPackages:
react: ^18.2.0 => 18.2.0
react-dom: ^18.2.0 => 18.2.0
react-scripts: ^5.0.1 => 5.0.1
npmGlobalPackages:
create-react-app: Not Found
(paste the output of the command here.)
Steps to reproduce
(Write your steps here:)
- opening the terminal
- npm run, and they say I have 6 vulnerabilities and ask to pass from version 5 of react-scripts to version 2?
Expected behavior
(Write what you thought would happen.)
To not have a warning of vulnerability
Actual behavior
(Write what happened. Please add screenshots!)
Reproducible demo
(Paste the link to an example project and exact instructions to reproduce the issue.)
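
An added example, not part of the original report or of any project's code: a Node.js script that walks a dependency tree and lists every chain that resolves nth-check below the fixed version 2.0.1 named in the audit output above. It assumes the tree has the `name`/`version`/`dependencies` shape printed by `npm ls nth-check --all --json`; the sample tree is constructed from the versions in the report, and `my-app`, `d`, `isBelow` and `findVulnerablePaths` are hypothetical names.

```javascript
// Helper for building the constructed sample: one dependency node.
const d = (version, dependencies = {}) => ({ version, dependencies });

// Constructed sample mirroring part of the tree in the report ("my-app" is hypothetical).
const SAMPLE_TREE = { name: "my-app", dependencies: {
  "css-select": d("5.1.0", { "nth-check": d("2.1.1") }),
  "nth-check": d("2.1.1"),
  "react-scripts": d("5.0.1", {
    "@svgr/webpack": d("5.5.0", { "@svgr/plugin-svgo": d("5.5.0", {
      svgo: d("1.3.2", { "css-select": d("2.1.0", { "nth-check": d("1.0.2") }) }),
    }) }),
    "html-webpack-plugin": d("5.5.3", { "pretty-error": d("4.0.0", {
      renderkid: d("3.0.0", { "css-select": d("4.3.0", { "nth-check": d("2.1.1") }) }),
    }) }),
  }),
} };

// True when version a is lower than version b (plain x.y.z only, no pre-release tags).
function isBelow(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Walk the tree depth-first and return each chain that ends in `pkg` below `fixed`.
function findVulnerablePaths(node, pkg, fixed, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version}`];
    if (name === pkg && dep.version && isBelow(dep.version, fixed)) {
      hits.push(here.join(" > "));
    }
    hits.push(...findVulnerablePaths(dep, pkg, fixed, here));
  }
  return hits;
}

const VULNERABLE = findVulnerablePaths(SAMPLE_TREE, "nth-check", "2.0.1");
console.log(VULNERABLE.join("\n"));
```

On the sample, the only chain reported is the one through @svgr/webpack and svgo 1.3.2; the copies of nth-check at 2.1.1 are not flagged.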