Skip to content

[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
xack20 wants to merge 1 commit into
base: main
Choose a base branch
from

fix: client/package.json & client/package-lock.json to reduce vulnera…

3e7e353
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #36

fix: client/package.json & client/package-lock.json to reduce vulnera…
3e7e353
Select commit
Loading
Failed to load commit list.
Codacy Production / Codacy Static Code Analysis required action Jul 19, 2025 in 0s

8 new issues (0 max.) of at least minor severity.

Annotations

Check warning on line 10884 in client/package-lock.json

See this annotation in the file changed.

@codacy-production codacy-production / Codacy Static Code Analysis

client/package-lock.json#L10884 

Insecure dependency npm/brace-expansion@2.0.1 (CVE-2025-5889: brace-expansion: juliangruber brace-expansion index.js expand redos) (update to 2.0.2)

Check failure on line 16107 in client/package-lock.json

See this annotation in the file changed.

@codacy-production codacy-production / Codacy Static Code Analysis

client/package-lock.json#L16107 

Insecure dependency npm/nth-check@1.0.2 (CVE-2021-3803: nodejs-nth-check: inefficient regular expression complexity) (update to 2.0.1)

Check failure on line 16540 in client/package-lock.json

See this annotation in the file changed.

@codacy-production codacy-production / Codacy Static Code Analysis

client/package-lock.json#L16540 

Insecure dependency npm/path-to-regexp@1.8.0 (CVE-2024-45296: path-to-regexp: Backtracking regular expressions cause ReDoS) (update to 1.9.0)

Check failure on line 18234 in client/package-lock.json

See this annotation in the file changed.

@codacy-production codacy-production / Codacy Static Code Analysis

client/package-lock.json#L18234 

Insecure dependency npm/protobufjs@6.11.2 (CVE-2023-36665: protobufjs: prototype pollution using user-controlled protobuf message) (update to 6.11.4)

Check warning on line 20070 in client/package-lock.json

See this annotation in the file changed.

@codacy-production codacy-production / Codacy Static Code Analysis

client/package-lock.json#L20070 

Insecure dependency npm/postcss@7.0.39 (CVE-2023-44270: PostCSS: Improper input validation in PostCSS) (update to 8.4.31)

Check failure on line 20157 in client/package-lock.json

See this annotation in the file changed.

@codacy-production codacy-production / Codacy Static Code Analysis

client/package-lock.json#L20157 

Insecure dependency npm/rollup@0.25.8 (CVE-2024-47068: rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS) (update to 2.79.2)

Check failure on line 20479 in client/package-lock.json

See this annotation in the file changed.

@codacy-production codacy-production / Codacy Static Code Analysis

client/package-lock.json#L20479 

Insecure dependency npm/semver@6.3.0 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 6.3.1)

Check warning on line 22648 in client/package-lock.json

See this annotation in the file changed.

@codacy-production codacy-production / Codacy Static Code Analysis

client/package-lock.json#L22648 

Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30359: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)
View more details on Codacy Production