[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

xack20 wants to merge 1 commit into main from snyk-fix-f412ab787637107a95cd7ea9084ccf9c

Open

[Snyk] Security upgrade react-scripts from 4.0.3 to 5.0.0 #47

fix: client/package.json & client/package-lock.json to reduce vulnera…

Codacy Production / Codacy Static Code Analysis required action Dec 3, 2025 in 0s

16 new issues (0 max.) of at least severity.

Annotations

Check warning on line 15058 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15058

Insecure dependency npm/js-yaml@3.14.1 (CVE-2025-64718: js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and b ...) (update to 3.14.2)

Check warning on line 15413 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15413

Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37599: loader-utils: regular expression denial of service in interpolateName.js) (update to 2.0.4)

Check failure on line 15413 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15413

Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37601: loader-utils: prototype pollution in function parseQuery in parseQuery.js) (update to 2.0.3)

Check warning on line 15413 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15413

Insecure dependency npm/loader-utils@2.0.2 (CVE-2022-37603: loader-utils: Regular expression denial of service) (update to 2.0.4)

Check warning on line 15767 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15767

Insecure dependency npm/moment@2.29.1 (CVE-2022-24785: Moment.js: Path traversal in moment.locale) (update to 2.29.2)

Check warning on line 15767 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15767

Insecure dependency npm/moment@2.29.1 (CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS) (update to 2.29.4)

Check warning on line 15863 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15863

Insecure dependency npm/node-fetch@2.6.1 (CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor) (update to 2.6.7)

Check warning on line 15934 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L15934

Insecure dependency npm/nth-check@1.0.2 (CVE-2021-3803: nodejs-nth-check: inefficient regular expression complexity) (update to 2.0.1)

Check warning on line 16346 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L16346

Insecure dependency npm/path-to-regexp@1.8.0 (CVE-2024-45296: path-to-regexp: Backtracking regular expressions cause ReDoS) (update to 1.9.0)

Check warning on line 17987 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L17987

Insecure dependency npm/protobufjs@6.11.2 (CVE-2022-25878: protobufjs: Prototype Pollution via util.setProperty or ReflectionObject.setParsedOption methods) (update to 6.11.3)

Check failure on line 17987 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L17987

Insecure dependency npm/protobufjs@6.11.2 (CVE-2023-36665: protobufjs: prototype pollution using user-controlled protobuf message) (update to 6.11.4)

Check warning on line 19823 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L19823

Insecure dependency npm/postcss@7.0.39 (CVE-2023-44270: PostCSS: Improper input validation in PostCSS) (update to 8.4.31)

Check warning on line 19910 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L19910

Insecure dependency npm/rollup@0.25.8 (CVE-2024-47068: rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS) (update to 2.79.2)

Check warning on line 20232 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L20232

Insecure dependency npm/semver@6.3.0 (CVE-2022-25883: nodejs-semver: Regular expression denial of service) (update to 6.3.1)

Check warning on line 22535 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L22535

Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30359: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)

Check warning on line 22535 in client/package-lock.json

codacy-production / Codacy Static Code Analysis

client/package-lock.json#L22535

Insecure dependency npm/webpack-dev-server@4.15.2 (CVE-2025-30360: webpack-dev-server: webpack-dev-server information exposure) (update to 5.2.1)

View more details on Codacy Production