[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

xack20 wants to merge 1 commit into main from snyk-fix-3b711f79ca62ef5346b43ee1b1bf9912

Open

[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #45

fix: client/package.json & client/package-lock.json to reduce vulnera…

Codacy Production / Codacy Static Code Analysis required action Nov 19, 2025 in 0s

16 new issues (0 max.) of at least severity.

Annotations

Check warning on line 15209 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15209

Insecure dependency npm/js-yaml@3.14.1 (CVE-2025-64718: js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and b ...) (update to 3.14.2)

Check warning on line 15564 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15564

Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37599: loader-utils: regular expression denial of service in interpolateName.js) (update to 2.0.4)

Check failure on line 15564 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15564

Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37601: loader-utils: prototype pollution in function parseQuery in parseQuery.js) (update to 2.0.3)

Check warning on line 15564 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15564

Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37603: loader-utils: Regular expression denial of service) (update to 2.0.4)

Check warning on line 15933 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15933

Insecure dependency npm/moment@2.29.1 (CVE-2022-24785: Moment.js: Path traversal in moment.locale) (update to 2.29.2)

Check warning on line 15933 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15933

Insecure dependency npm/moment@2.29.1 (CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS) (update to 2.29.4)

Check warning on line 16029 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L16029

Insecure dependency npm/node-fetch@2.6.1 (CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor) (update to 2.6.7)

Check warning on line 16100 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L16100

Insecure dependency npm/nth-check@1.0.2 (CVE-2021-3803: nodejs-nth-check: inefficient regular expression complexity) (update to 2.0.1)

Check warning on line 16534 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L16534

Insecure dependency npm/path-to-regexp@1.8.0 (CVE-2024-45296: path-to-regexp: Backtracking regular expressions cause ReDoS) (update to 1.9.0)

Check warning on line 18175 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L18175

Insecure dependency npm/protobufjs@6.11.2 (CVE-2022-25878: protobufjs: Prototype Pollution via util.setProperty or ReflectionObject.setParsedOption methods) (update to 6.11.3)

Check failure on line 18175 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L18175

Insecure dependency npm/protobufjs@6.11.2 (CVE-2023-36665: protobufjs: prototype pollution using user-controlled protobuf message) (update to 6.11.4)

Check warning on line 20011 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L20011

Insecure dependency npm/postcss@7.0.39 (CVE-2023-44270: PostCSS: Improper input validation in PostCSS) (update to 8.4.31)

Check warning on line 20098 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L20098

Insecure dependency npm/rollup@0.25.8 (CVE-2024-47068: rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS) (update to 2.79.2)

Check warning on line 20420 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L20420

Insecure dependency npm/semver@6.3.0 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 6.3.1)

Check warning on line 22664 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L22664

Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30359: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)

Check warning on line 22664 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L22664

Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30360: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)

View more details on Codacy Production