fix: package.json & yarn.lock to reduce vulnerabilities

3f4e350
Open

[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #41

Codacy Production / Codacy Static Code Analysis required action Jul 17, 2025 in 0s

12 new issues (0 max.) of at least minor severity.

Annotations

Check warning on line 442 in yarn.lock

@codacy-production codacy-production / Codacy Static Code Analysis

yarn.lock#L442

Insecure dependency npm/@babel/helpers@7.12.17 (CVE-2025-27789: Babel is a compiler for writing next generation JavaScript. When using ...) (update to 7.26.10)

Check warning on line 1812 in yarn.lock

yarn.lock#L1812

Insecure dependency npm/@babel/runtime@7.12.18 (CVE-2025-27789: Babel is a compiler for writing next generation JavaScript. When using ...) (update to 7.26.10)

Check failure on line 1849 in yarn.lock

yarn.lock#L1849

Insecure dependency @babel/traverse@7.12.17 (CVE-2023-45133: babel: arbitrary code execution) (update to 7.23.2)

Check warning on line 3889 in yarn.lock

yarn.lock#L3889

Insecure dependency browserslist@4.16.3 (CVE-2021-23364: browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)) (update to 4.16.5)

Check failure on line 4351 in yarn.lock

yarn.lock#L4351

Insecure dependency npm/cross-spawn@7.0.3 (CVE-2024-21538: cross-spawn: regular expression denial of service) (update to 7.0.5)

Check failure on line 7470 in yarn.lock

yarn.lock#L7470

Insecure dependency loader-utils@2.0.0 (CVE-2022-37599: loader-utils: regular expression denial of service in interpolateName.js) (update to 2.0.4)

Check failure on line 7719 in yarn.lock

yarn.lock#L7719

Insecure dependency minimatch@3.0.4 (CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function) (update to 3.0.5)

Check failure on line 7747 in yarn.lock

yarn.lock#L7747

Insecure dependency minimist@1.2.5 (CVE-2021-44906: minimist: prototype pollution) (update to 1.2.6)

Check warning on line 8819 in yarn.lock

yarn.lock#L8819

Insecure dependency postcss@7.0.39 (CVE-2023-44270: An issue was discovered in PostCSS before 8.4.31. The vulnerability af ...) (update to 8.4.31)

Check failure on line 9555 in yarn.lock

yarn.lock#L9555

Insecure dependency semver@5.7.1 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 5.7.2)

Check failure on line 9570 in yarn.lock

yarn.lock#L9570

Insecure dependency semver@7.3.4 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 7.5.2)

Check warning on line 10744 in yarn.lock

yarn.lock#L10744

Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30359: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)