We have a React application, and it is bundled using webpack. The CodeQL tool has reported 'js/insecure-randomness' and 'js/incomplete-sanitization' compliance bugs in the app.js file (the file which gets created after bundling).
In this app.js, we see many occurrences of the Math.random function, or code which generates cryptographically insecure pseudo-random numbers, and instances of replace functions; however, we don't have such functions or code in our React files. Therefore, we are unable to understand what we have to fix, and where, in this case.
Can someone please help here and share pointers to fix these bugs? Is this due to older dependencies or packages being used? As the above-mentioned code is not present in the source files, it seems this doesn't need a fix in the code. Please help.