[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

devpato wants to merge 1 commit into main from snyk-fix-da57f84e5d7a0169407e1600137a3ecb

Open

[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #40

fix: package.json & yarn.lock to reduce vulnerabilities

Codacy Production / Codacy Static Code Analysis required action Jul 14, 2025 in 0s

12 new issues (0 max.) of at least minor severity.

Annotations

Check warning on line 442 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L442

Insecure dependency npm/@babel/helpers@7.12.17 (CVE-2025-27789: Babel is a compiler for writing next generation JavaScript. When using ...) (update to 7.26.10)

Check warning on line 1812 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L1812

Insecure dependency npm/@babel/runtime@7.12.18 (CVE-2025-27789: Babel is a compiler for writing next generation JavaScript. When using ...) (update to 7.26.10)

Check failure on line 1849 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L1849

Insecure dependency @babel/traverse@7.12.17 (CVE-2023-45133: babel: arbitrary code execution) (update to 7.23.2)

Check warning on line 3889 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L3889

Insecure dependency browserslist@4.16.3 (CVE-2021-23364: browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)) (update to 4.16.5)

Check failure on line 4351 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L4351

Insecure dependency npm/cross-spawn@7.0.3 (CVE-2024-21538: cross-spawn: regular expression denial of service) (update to 7.0.5)

Check failure on line 7469 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L7469

Insecure dependency loader-utils@2.0.0 (CVE-2022-37599: loader-utils: regular expression denial of service in interpolateName.js) (update to 2.0.4)

Check failure on line 7718 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L7718

Insecure dependency minimatch@3.0.4 (CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function) (update to 3.0.5)

Check failure on line 7746 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L7746

Insecure dependency minimist@1.2.5 (CVE-2021-44906: minimist: prototype pollution) (update to 1.2.6)

Check warning on line 8818 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L8818

Insecure dependency postcss@7.0.39 (CVE-2023-44270: An issue was discovered in PostCSS before 8.4.31. The vulnerability af ...) (update to 8.4.31)

Check failure on line 9554 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L9554

Insecure dependency semver@5.7.1 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 5.7.2)

Check failure on line 9569 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L9569

Insecure dependency semver@7.3.4 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 7.5.2)

Check warning on line 10743 in yarn.lock

codacy-production / Codacy Static Code Analysis

yarn.lock#L10743

Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30359: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)

View more details on Codacy Production