Razzle utilizes vulnerable versions of browserslist and minimatch as nested dependencies, causing security issues.

[Shilpashree-BN]

🐛 Bug report

Razzle utilizes vulnerable versions of browserslist and minimatch as nested dependencies, causing security issues.

browserslist:

1. browserslist is the dependency required by react-dev-utils
2. react-dev-utils should be 12.0.0 or above to have next non-vulnerable version of browserslist
3. even the latest version of razzle-dev-utils package uses react-dev-utile of the version ^11.0.0
4. both react-dev-utils & razzle-dev-utils are required by razzle, even latest version of razzle (4.2.18) uses react-dev-utils: ^11.0.4 & razzle-dev-utils: 4.2.18, which has vulnerable version of browserslist

minimatch:

1. minimatch is the dependency required by wallby-webpack and recursive-readdir
2. even the latest version of wallby-webpack (3.9.16) uses non-vulnerable version of minimatch.
3. minimatch required by recursive-readdir which is required by react-dev-utils which is the dependency of razzle.
4. To have non vulnerable version of minimatch, react-dev-utils should be updated to 12.0.0, but even the latest version of razzle uses 11.0.4 (not the latest version)

Expected behavior:

Expecting a way to handle this.